Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cyclades-serial-client-0.93/aix-dev.c
Examining data/cyclades-serial-client-0.93/cyclades-ser-cli.c
Examining data/cyclades-serial-client-0.93/hpux-dev.c
Examining data/cyclades-serial-client-0.93/inc/conf.h
Examining data/cyclades-serial-client-0.93/inc/control.h
Examining data/cyclades-serial-client-0.93/inc/cyclades-ser-cli.h
Examining data/cyclades-serial-client-0.93/inc/daemon.h
Examining data/cyclades-serial-client-0.93/inc/dev.h
Examining data/cyclades-serial-client-0.93/inc/misc.h
Examining data/cyclades-serial-client-0.93/inc/port_speed.h
Examining data/cyclades-serial-client-0.93/inc/sock.h
Examining data/cyclades-serial-client-0.93/inc/system.h
Examining data/cyclades-serial-client-0.93/inc/telnet.h
Examining data/cyclades-serial-client-0.93/inc/tsrio.h
Examining data/cyclades-serial-client-0.93/inc/tsrmeasure.h
Examining data/cyclades-serial-client-0.93/libcsc/libcyclades-ser-cli.c
Examining data/cyclades-serial-client-0.93/linux-dev.c
Examining data/cyclades-serial-client-0.93/measure.c
Examining data/cyclades-serial-client-0.93/misc.c
Examining data/cyclades-serial-client-0.93/sco-dev.c
Examining data/cyclades-serial-client-0.93/sock.c
Examining data/cyclades-serial-client-0.93/solaris-dev.c
Examining data/cyclades-serial-client-0.93/system.c
Examining data/cyclades-serial-client-0.93/tbr.c
Examining data/cyclades-serial-client-0.93/tbr1.c
Examining data/cyclades-serial-client-0.93/telnet.c
Examining data/cyclades-serial-client-0.93/tsrio.c
Examining data/cyclades-serial-client-0.93/unixware-dev.c

FINAL RESULTS:

data/cyclades-serial-client-0.93/aix-dev.c:206:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_sname, stty);
data/cyclades-serial-client-0.93/aix-dev.c:207:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_devname, dname);
data/cyclades-serial-client-0.93/aix-dev.c:439:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/aix-dev.c:446:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/aix-dev.c:1009:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "M_IOCTL (Ioctl %c %d), %d bytes: %s\n",
data/cyclades-serial-client-0.93/aix-dev.c:1016:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s, %d bytes\n", msgt, size);
data/cyclades-serial-client-0.93/aix-dev.c:1021:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s: queue %d", msgt, buf[0]);
data/cyclades-serial-client-0.93/aix-dev.c:1026:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1031:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1035:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1039:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1043:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1047:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1051:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1055:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1060:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1065:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1069:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1073:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1077:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1081:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1085:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1089:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1093:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1097:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1101:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1105:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1109:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1113:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1117:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1121:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1126:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1132:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/aix-dev.c:1186:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ioctlbuf, "%s", msgt);
data/cyclades-serial-client-0.93/cyclades-ser-cli.c:207:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(control_addr.sun_path, P_contrname);
data/cyclades-serial-client-0.93/cyclades-ser-cli.c:287:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Idmsg, "%7s %s", cp, device);
data/cyclades-serial-client-0.93/hpux-dev.c:201:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_sname, stty);
data/cyclades-serial-client-0.93/hpux-dev.c:202:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_devname, dname);
data/cyclades-serial-client-0.93/hpux-dev.c:396:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/hpux-dev.c:403:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/hpux-dev.c:518:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/hpux-dev.c:525:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/hpux-dev.c:1101:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "M_IOCTL (Ioctl %c %d), %d bytes: %s\n",
data/cyclades-serial-client-0.93/hpux-dev.c:1108:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s, %d bytes\n", msgt, size);
data/cyclades-serial-client-0.93/hpux-dev.c:1113:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s: queue %d", msgt, buf[0]);
data/cyclades-serial-client-0.93/hpux-dev.c:1118:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1123:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1127:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1131:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1135:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1139:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1143:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1147:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1151:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1155:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1159:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1163:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1167:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1171:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1175:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1179:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1183:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1187:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1191:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1195:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1199:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1203:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1207:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1211:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1215:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/hpux-dev.c:1270:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ioctlbuf, "%s", msgt);
data/cyclades-serial-client-0.93/linux-dev.c:172:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ctty, "%s%c%c",
data/cyclades-serial-client-0.93/linux-dev.c:220:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(stty, "%s%c%c", SLAVE_PREFIX,letters[i], ports[j]);
data/cyclades-serial-client-0.93/linux-dev.c:243:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_sname, stty);
data/cyclades-serial-client-0.93/linux-dev.c:244:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_devname, dname);
data/cyclades-serial-client-0.93/linux-dev.c:445:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/linux-dev.c:690:8: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf (procbuf, "%d %s %c %d %d %d %d %u %s",
data/cyclades-serial-client-0.93/linux-dev.c:757:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ioctlbuf, "%s", msgt);
data/cyclades-serial-client-0.93/sco-dev.c:141:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ctty, "%s%d",
data/cyclades-serial-client-0.93/sco-dev.c:169:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(stty, "%s%d", SLAVE_PREFIX, i);
data/cyclades-serial-client-0.93/sco-dev.c:190:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_sname, stty);
data/cyclades-serial-client-0.93/sco-dev.c:191:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_devname, dname);
data/cyclades-serial-client-0.93/sco-dev.c:392:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/solaris-dev.c:235:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_sname, pts);
data/cyclades-serial-client-0.93/solaris-dev.c:236:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_devname, dname);
data/cyclades-serial-client-0.93/solaris-dev.c:474:25: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/solaris-dev.c:481:25: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/solaris-dev.c:578:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/solaris-dev.c:648:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/solaris-dev.c:655:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/solaris-dev.c:770:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/solaris-dev.c:777:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/solaris-dev.c:864:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (debbuf, oct);
data/cyclades-serial-client-0.93/solaris-dev.c:1122:8: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf (procbuf, "%d %s %c %d %d %d %d %u %s",
data/cyclades-serial-client-0.93/solaris-dev.c:1188:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ioctlbuf, "%s", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1212:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "M_IOCTL (Ioctl %c %d), %d bytes: %s\n",
data/cyclades-serial-client-0.93/solaris-dev.c:1219:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s, %d bytes\n", msgt, size);
data/cyclades-serial-client-0.93/solaris-dev.c:1224:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s: queue %d", msgt, buf[0]);
data/cyclades-serial-client-0.93/solaris-dev.c:1229:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1234:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1238:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1242:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1246:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1250:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1254:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1258:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1262:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1266:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1270:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1274:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1278:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1282:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1286:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1290:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1294:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1298:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1302:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1306:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1310:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1314:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/solaris-dev.c:1318:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/system.c:118:2: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, format, args);
data/cyclades-serial-client-0.93/telnet.c:757:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(Debugbuf, msgbuf);
data/cyclades-serial-client-0.93/telnet.c:784:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(Debugbuf, msgbuf);
data/cyclades-serial-client-0.93/telnet.c:886:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (Debugbuf, linestates);
data/cyclades-serial-client-0.93/telnet.c:923:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (Debugbuf, modemstates);
data/cyclades-serial-client-0.93/telnet.c:933:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (Debugbuf, buf);
data/cyclades-serial-client-0.93/telnet.c:943:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (Debugbuf, buf);
data/cyclades-serial-client-0.93/telnet.c:952:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s ", Stop_names[stopsize]);
data/cyclades-serial-client-0.93/telnet.c:953:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (Debugbuf, buf);
data/cyclades-serial-client-0.93/telnet.c:962:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s ", Parity_names[parity]);
data/cyclades-serial-client-0.93/telnet.c:963:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (Debugbuf, buf);
data/cyclades-serial-client-0.93/telnet.c:972:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s ", Control_names[control]);
data/cyclades-serial-client-0.93/telnet.c:973:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (Debugbuf, buf);
data/cyclades-serial-client-0.93/telnet.c:982:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s ", Purge_names[purge]);
data/cyclades-serial-client-0.93/telnet.c:983:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (Debugbuf, buf);
data/cyclades-serial-client-0.93/telnet.c:992:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s: ", Command_names[cmdidx]);
data/cyclades-serial-client-0.93/telnet.c:993:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (Debugbuf, buf);
data/cyclades-serial-client-0.93/tsrio.c:1491:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(debugbuf, "%s %s -- %s %s\n", pstate, psubstate,
data/cyclades-serial-client-0.93/unixware-dev.c:211:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_sname, stty);
data/cyclades-serial-client-0.93/unixware-dev.c:212:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (P_devname, dname);
data/cyclades-serial-client-0.93/unixware-dev.c:1011:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "M_IOCTL (Ioctl %c %d), %d bytes: %s\n",
data/cyclades-serial-client-0.93/unixware-dev.c:1018:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s, %d bytes\n", msgt, size);
data/cyclades-serial-client-0.93/unixware-dev.c:1023:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s: queue %d", msgt, buf[0]);
data/cyclades-serial-client-0.93/unixware-dev.c:1028:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1033:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1037:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1041:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1045:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1049:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1053:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1057:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1061:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1065:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1069:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1073:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1077:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1081:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1085:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1089:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1093:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1097:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dbuf, "%s\n", msgt);
data/cyclades-serial-client-0.93/unixware-dev.c:1101:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(dbuf, "%s\n", msgt); data/cyclades-serial-client-0.93/unixware-dev.c:1105:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dbuf, "%s\n", msgt); data/cyclades-serial-client-0.93/unixware-dev.c:1109:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dbuf, "%s\n", msgt); data/cyclades-serial-client-0.93/unixware-dev.c:1113:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dbuf, "%s\n", msgt); data/cyclades-serial-client-0.93/unixware-dev.c:1117:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dbuf, "%s\n", msgt); data/cyclades-serial-client-0.93/unixware-dev.c:1121:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dbuf, "%s\n", msgt); data/cyclades-serial-client-0.93/unixware-dev.c:1125:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dbuf, "%s\n", msgt); data/cyclades-serial-client-0.93/unixware-dev.c:1129:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dbuf, "%s\n", msgt); data/cyclades-serial-client-0.93/unixware-dev.c:1182:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ioctlbuf, "%s", msgt); data/cyclades-serial-client-0.93/cyclades-ser-cli.c:97:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while ((opt = getopt(argc,argv, "u:n:r:fi:st:m:c:p:d:xvhH")) != EOF) { data/cyclades-serial-client-0.93/aix-dev.c:94:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char P_sname[NAMESIZE]; data/cyclades-serial-client-0.93/aix-dev.c:97:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Ctlbuf[16], Databuf[DEV_MAXIOSZ]; data/cyclades-serial-client-0.93/aix-dev.c:151:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (PTY_DEVICE, mode)) < 0) { data/cyclades-serial-client-0.93/aix-dev.c:261:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((sfd = open (P_sname, O_RDWR|O_NOCTTY)) == -1) { data/cyclades-serial-client-0.93/aix-dev.c:434:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debbuf[128]; data/cyclades-serial-client-0.93/aix-dev.c:435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oct[8]; data/cyclades-serial-client-0.93/aix-dev.c:436:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(debbuf, "CTL: "); data/cyclades-serial-client-0.93/aix-dev.c:438:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(oct, "%02X ", (unsigned char) ctlmsg->buf[i]); data/cyclades-serial-client-0.93/aix-dev.c:443:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(debbuf, "DAT: "); data/cyclades-serial-client-0.93/aix-dev.c:445:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(oct, "%02X ", (unsigned char) datamsg->buf[i]); data/cyclades-serial-client-0.93/aix-dev.c:1000:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuf[64]; data/cyclades-serial-client-0.93/aix-dev.c:1140:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ioctlbuf[32]; data/cyclades-serial-client-0.93/cyclades-ser-cli.c:100:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ptyiosize = atoi(optarg); data/cyclades-serial-client-0.93/cyclades-ser-cli.c:106:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). netiosize = atoi(optarg); data/cyclades-serial-client-0.93/cyclades-ser-cli.c:112:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nretries = atoi(optarg); data/cyclades-serial-client-0.93/cyclades-ser-cli.c:118:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). retrydelay = atoi(optarg) * 1000; data/cyclades-serial-client-0.93/cyclades-ser-cli.c:126:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
devmodem = atoi (optarg); data/cyclades-serial-client-0.93/cyclades-ser-cli.c:129:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). closemode = atoi (optarg); data/cyclades-serial-client-0.93/cyclades-ser-cli.c:132:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). baseport = atoi (optarg); data/cyclades-serial-client-0.93/cyclades-ser-cli.c:135:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Debug = atoi (optarg); data/cyclades-serial-client-0.93/cyclades-ser-cli.c:171:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). physport = atoi (argv[2]); data/cyclades-serial-client-0.93/hpux-dev.c:91:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char P_sname[NAMESIZE]; data/cyclades-serial-client-0.93/hpux-dev.c:94:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Ctlbuf[16], Databuf[DEV_MAXIOSZ]; data/cyclades-serial-client-0.93/hpux-dev.c:148:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (PTY_DEVICE, mode)) < 0) { data/cyclades-serial-client-0.93/hpux-dev.c:256:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((sfd = open (P_sname, O_RDWR|O_NOCTTY)) == -1) { data/cyclades-serial-client-0.93/hpux-dev.c:391:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debbuf[128]; data/cyclades-serial-client-0.93/hpux-dev.c:392:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oct[8]; data/cyclades-serial-client-0.93/hpux-dev.c:393:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(debbuf, "CTL: "); data/cyclades-serial-client-0.93/hpux-dev.c:395:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(oct, "%02X ", (unsigned char) ctlmsg->buf[i]); data/cyclades-serial-client-0.93/hpux-dev.c:400:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(debbuf, "DAT: "); data/cyclades-serial-client-0.93/hpux-dev.c:402:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(oct, "%02X ", (unsigned char) datamsg->buf[i]); data/cyclades-serial-client-0.93/hpux-dev.c:513:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debbuf[128]; data/cyclades-serial-client-0.93/hpux-dev.c:514:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oct[8]; data/cyclades-serial-client-0.93/hpux-dev.c:515:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(debbuf, "CTL: "); data/cyclades-serial-client-0.93/hpux-dev.c:517:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(oct, "%02X ", (unsigned char) ctlmsg->buf[i]); data/cyclades-serial-client-0.93/hpux-dev.c:522:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(debbuf, "DAT: "); data/cyclades-serial-client-0.93/hpux-dev.c:524:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(oct, "%02X ", (unsigned char) datamsg->buf[i]); data/cyclades-serial-client-0.93/hpux-dev.c:1092:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuf[64]; data/cyclades-serial-client-0.93/hpux-dev.c:1222:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ioctlbuf[32]; data/cyclades-serial-client-0.93/inc/daemon.h:59:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) { data/cyclades-serial-client-0.93/inc/dev.h:57:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
EXTERN char P_devname[NAMESIZE]; data/cyclades-serial-client-0.93/inc/dev.h:59:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EXTERN char P_contrname[108]; data/cyclades-serial-client-0.93/inc/system.h:29:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EXTERN char Idmsg[128]; data/cyclades-serial-client-0.93/inc/tsrio.h:45:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((b)->b_ins, p, nn); \ data/cyclades-serial-client-0.93/inc/tsrio.h:64:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, (b)->b_rem, nn); \ data/cyclades-serial-client-0.93/inc/tsrio.h:314:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (memptr, evparam, evsize); \ data/cyclades-serial-client-0.93/inc/tsrio.h:348:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (memptr, evparam, evsize); \ data/cyclades-serial-client-0.93/libcsc/libcyclades-ser-cli.c:29:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char *cyclades_devices[MAX_PORTS]; data/cyclades-serial-client-0.93/libcsc/libcyclades-ser-cli.c:48:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen("/etc/cyclades-devices", "r"); data/cyclades-serial-client-0.93/libcsc/libcyclades-ser-cli.c:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; data/cyclades-serial-client-0.93/linux-dev.c:96:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char P_sname[NAMESIZE]; data/cyclades-serial-client-0.93/linux-dev.c:99:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Databuf[DEV_MAXIOSZ]; data/cyclades-serial-client-0.93/linux-dev.c:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctty[16]; data/cyclades-serial-client-0.93/linux-dev.c:127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stty[16]; data/cyclades-serial-client-0.93/linux-dev.c:174:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (ctty, mode)) >= 0) { data/cyclades-serial-client-0.93/linux-dev.c:292:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((sfd = open (P_sname, O_RDWR|O_NOCTTY)) == -1) { data/cyclades-serial-client-0.93/linux-dev.c:361:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Holdbuf[4]; data/cyclades-serial-client-0.93/linux-dev.c:439:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debbuf[128]; data/cyclades-serial-client-0.93/linux-dev.c:440:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oct[8]; data/cyclades-serial-client-0.93/linux-dev.c:442:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(debbuf, "DAT: "); data/cyclades-serial-client-0.93/linux-dev.c:444:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(oct, "%02X ", (unsigned char) Databuf[i]); data/cyclades-serial-client-0.93/linux-dev.c:659:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char procfile[128]; data/cyclades-serial-client-0.93/linux-dev.c:660:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char procbuf[512]; data/cyclades-serial-client-0.93/linux-dev.c:662:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummybuf[512]; data/cyclades-serial-client-0.93/linux-dev.c:674:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). process = atoi (dep->d_name); data/cyclades-serial-client-0.93/linux-dev.c:676:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(procfile, "/proc/%d/stat", process); data/cyclades-serial-client-0.93/linux-dev.c:677:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((procfd = open (procfile, 0)) == -1) { data/cyclades-serial-client-0.93/linux-dev.c:710:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ioctlbuf[32]; data/cyclades-serial-client-0.93/sco-dev.c:80:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char P_sname[NAMESIZE]; data/cyclades-serial-client-0.93/sco-dev.c:83:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Databuf[DEV_MAXIOSZ]; data/cyclades-serial-client-0.93/sco-dev.c:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char stty[16], ctty[16]; data/cyclades-serial-client-0.93/sco-dev.c:143:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (ctty, mode)) >= 0) { data/cyclades-serial-client-0.93/sco-dev.c:246:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((sfd = open (P_sname, O_RDWR|O_NOCTTY)) == -1) { data/cyclades-serial-client-0.93/sco-dev.c:306:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Holdbuf[4]; data/cyclades-serial-client-0.93/sco-dev.c:386:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debbuf[128]; data/cyclades-serial-client-0.93/sco-dev.c:387:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oct[8]; data/cyclades-serial-client-0.93/sco-dev.c:389:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(debbuf, "DAT: "); data/cyclades-serial-client-0.93/sco-dev.c:391:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(oct, "%02X ", (unsigned char) Databuf[i]); data/cyclades-serial-client-0.93/sco-dev.c:606:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (MEM_NAME, O_RDONLY)) == -1) { data/cyclades-serial-client-0.93/sock.c:56:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *) &sp->sin_addr, hp->h_addr, hp->h_length); data/cyclades-serial-client-0.93/sock.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy[4]; data/cyclades-serial-client-0.93/solaris-dev.c:116:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char P_sname[NAMESIZE]; data/cyclades-serial-client-0.93/solaris-dev.c:119:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char Databuf[DEV_MAXIOSZ];
data/cyclades-serial-client-0.93/solaris-dev.c:123:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Ctlbuf[16], Databuf[DEV_MAXIOSZ];
data/cyclades-serial-client-0.93/solaris-dev.c:168:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/dev/ptmx", mode | O_NOCTTY);
data/cyclades-serial-client-0.93/solaris-dev.c:197:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( (slave_fd = open(pts, O_RDWR | O_NOCTTY)) < 0)
data/cyclades-serial-client-0.93/solaris-dev.c:307:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((sfd = open (P_sname, O_RDWR|O_NOCTTY)) == -1) {
data/cyclades-serial-client-0.93/solaris-dev.c:387:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Holdbuf[4];
data/cyclades-serial-client-0.93/solaris-dev.c:469:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char debbuf[128];
data/cyclades-serial-client-0.93/solaris-dev.c:470:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oct[8];
data/cyclades-serial-client-0.93/solaris-dev.c:471:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(debbuf, "CTL: ");
data/cyclades-serial-client-0.93/solaris-dev.c:473:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(oct, "%02X ", (unsigned char) ctlmsg->buf[i]);
data/cyclades-serial-client-0.93/solaris-dev.c:478:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(debbuf, "DAT: ");
data/cyclades-serial-client-0.93/solaris-dev.c:480:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(oct, "%02X ", (unsigned char) datamsg->buf[i]);
data/cyclades-serial-client-0.93/solaris-dev.c:572:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char debbuf[128];
data/cyclades-serial-client-0.93/solaris-dev.c:573:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oct[8];
data/cyclades-serial-client-0.93/solaris-dev.c:575:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(debbuf, "DATA: ");
data/cyclades-serial-client-0.93/solaris-dev.c:577:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(oct, "%02X ", (unsigned char) Databuf[i]);
data/cyclades-serial-client-0.93/solaris-dev.c:643:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char debbuf[128];
data/cyclades-serial-client-0.93/solaris-dev.c:644:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oct[8];
data/cyclades-serial-client-0.93/solaris-dev.c:645:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(debbuf, "CTL: ");
data/cyclades-serial-client-0.93/solaris-dev.c:647:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(oct, "%02X ", (unsigned char) ctlmsg->buf[i]);
data/cyclades-serial-client-0.93/solaris-dev.c:652:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(debbuf, "DAT: ");
data/cyclades-serial-client-0.93/solaris-dev.c:654:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(oct, "%02X ", (unsigned char) datamsg->buf[i]);
data/cyclades-serial-client-0.93/solaris-dev.c:765:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char debbuf[128];
data/cyclades-serial-client-0.93/solaris-dev.c:766:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oct[8];
data/cyclades-serial-client-0.93/solaris-dev.c:767:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(debbuf, "CTL: ");
data/cyclades-serial-client-0.93/solaris-dev.c:769:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(oct, "%02X ", (unsigned char) ctlmsg->buf[i]);
data/cyclades-serial-client-0.93/solaris-dev.c:774:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(debbuf, "DAT: ");
data/cyclades-serial-client-0.93/solaris-dev.c:776:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(oct, "%02X ", (unsigned char) datamsg->buf[i]);
data/cyclades-serial-client-0.93/solaris-dev.c:858:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char debbuf[128];
data/cyclades-serial-client-0.93/solaris-dev.c:859:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oct[8];
data/cyclades-serial-client-0.93/solaris-dev.c:861:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(debbuf, "DAT: ");
data/cyclades-serial-client-0.93/solaris-dev.c:863:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(oct, "%02X ", (unsigned char) bp->b_rem[i]);
data/cyclades-serial-client-0.93/solaris-dev.c:1091:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char procfile[128];
data/cyclades-serial-client-0.93/solaris-dev.c:1092:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char procbuf[512];
data/cyclades-serial-client-0.93/solaris-dev.c:1094:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummybuf[512];
data/cyclades-serial-client-0.93/solaris-dev.c:1106:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  process = atoi (dep->d_name);
data/cyclades-serial-client-0.93/solaris-dev.c:1108:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(procfile, "/proc/%d/stat", process);
data/cyclades-serial-client-0.93/solaris-dev.c:1109:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((procfd = open (procfile, 0)) == -1) {
data/cyclades-serial-client-0.93/solaris-dev.c:1142:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ioctlbuf[32];
data/cyclades-serial-client-0.93/solaris-dev.c:1203:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbuf[64];
data/cyclades-serial-client-0.93/system.c:111:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/cyclades-serial-client-0.93/system.c:183:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timbuf[64];
data/cyclades-serial-client-0.93/system.c:222:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timbuf[64];
data/cyclades-serial-client-0.93/system.c:289:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%6d, %3d%%, %3d%%, %3d%%", secs, pru, prs, prt);
data/cyclades-serial-client-0.93/tbr.c:7:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int interval = atoi (argv[1]);
data/cyclades-serial-client-0.93/tbr1.c:8:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int interval = atoi (argv[1]);
data/cyclades-serial-client-0.93/tbr1.c:10:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/cyclades-serial-client-0.93/tbr1.c:16:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%4d: AAAAAAAAAAAAAAAAAAAAAAAAAAA\n", j);
data/cyclades-serial-client-0.93/telnet.c:76:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Suboptbuf[SUBOPT_MAXSIZE];
data/cyclades-serial-client-0.93/telnet.c:79:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Comibuf[SOCK_MAXIOSZ];
data/cyclades-serial-client-0.93/telnet.c:80:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Comobuf[SOCK_MAXIOSZ];
data/cyclades-serial-client-0.93/telnet.c:710:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Debugbuf[512];
data/cyclades-serial-client-0.93/telnet.c:729:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[32];
data/cyclades-serial-client-0.93/telnet.c:733:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "DO ");
data/cyclades-serial-client-0.93/telnet.c:736:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "DONT ");
data/cyclades-serial-client-0.93/telnet.c:739:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "WILL ");
data/cyclades-serial-client-0.93/telnet.c:742:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "WONT ");
data/cyclades-serial-client-0.93/telnet.c:745:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "IAC ");
data/cyclades-serial-client-0.93/telnet.c:748:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "SE ");
data/cyclades-serial-client-0.93/telnet.c:751:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "SB ");
data/cyclades-serial-client-0.93/telnet.c:754:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "Ctl %02X ", c);
data/cyclades-serial-client-0.93/telnet.c:766:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[32];
data/cyclades-serial-client-0.93/telnet.c:769:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "BINARY ");
data/cyclades-serial-client-0.93/telnet.c:772:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "ECHO ");
data/cyclades-serial-client-0.93/telnet.c:775:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "SUPPRESS GO AHEAD ");
data/cyclades-serial-client-0.93/telnet.c:778:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "COMM PORT OPTION ");
data/cyclades-serial-client-0.93/telnet.c:781:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msgbuf, "Cmd %3d ", c);
data/cyclades-serial-client-0.93/telnet.c:859:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linestates [256];
data/cyclades-serial-client-0.93/telnet.c:863:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (linestates, "LINE_TIMEOUT_ERROR ");
data/cyclades-serial-client-0.93/telnet.c:866:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (linestates, "LINE_SHIFTREG_EMPTY ");
data/cyclades-serial-client-0.93/telnet.c:869:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (linestates, "LINE_HOLDREG_EMPTY ");
data/cyclades-serial-client-0.93/telnet.c:872:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (linestates, "LINE_BREAK_ERROR ");
data/cyclades-serial-client-0.93/telnet.c:875:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (linestates, "LINE_FRAME_ERROR ");
data/cyclades-serial-client-0.93/telnet.c:878:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (linestates, "LINE_PARITY_ERROR ");
data/cyclades-serial-client-0.93/telnet.c:881:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (linestates, "LINE_OVERRUN_ERROR ");
data/cyclades-serial-client-0.93/telnet.c:884:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (linestates, "LINE_DATA_READY ");
data/cyclades-serial-client-0.93/telnet.c:895:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char modemstates [256];
data/cyclades-serial-client-0.93/telnet.c:899:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (modemstates, "MODEM_DCD ");
data/cyclades-serial-client-0.93/telnet.c:902:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (modemstates, "MODEM_RI ");
data/cyclades-serial-client-0.93/telnet.c:905:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (modemstates, "MODEM_DSR ");
data/cyclades-serial-client-0.93/telnet.c:908:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (modemstates, "MODEM_CTS ");
data/cyclades-serial-client-0.93/telnet.c:911:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (modemstates, "MODEM_DELTA_DCD ");
data/cyclades-serial-client-0.93/telnet.c:914:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (modemstates, "MODEM_TRAIL_RI ");
data/cyclades-serial-client-0.93/telnet.c:917:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (modemstates, "MODEM_DELTA_DSR ");
data/cyclades-serial-client-0.93/telnet.c:920:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (modemstates, "MODEM_DELTA_CTS ");
data/cyclades-serial-client-0.93/telnet.c:931:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [32];
data/cyclades-serial-client-0.93/telnet.c:932:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "Speed: %d bps ", speed);
data/cyclades-serial-client-0.93/telnet.c:941:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [32];
data/cyclades-serial-client-0.93/telnet.c:942:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "Datasize: %d bits ", datasize);
data/cyclades-serial-client-0.93/telnet.c:951:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [32];
data/cyclades-serial-client-0.93/telnet.c:961:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [32];
data/cyclades-serial-client-0.93/telnet.c:971:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [32];
data/cyclades-serial-client-0.93/telnet.c:981:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [32];
data/cyclades-serial-client-0.93/telnet.c:991:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [32];
data/cyclades-serial-client-0.93/tsrio.c:1466:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char debugbuf[128];
data/cyclades-serial-client-0.93/tsrio.c:1568:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(debugbuf, "%02X %02X %02X %02X", *cp, *(cp+1)
data/cyclades-serial-client-0.93/unixware-dev.c:102:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char P_sname[NAMESIZE];
data/cyclades-serial-client-0.93/unixware-dev.c:105:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Ctlbuf[16], Databuf[DEV_MAXIOSZ];
data/cyclades-serial-client-0.93/unixware-dev.c:158:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (PTY_DEVICE, mode)) < 0) {
data/cyclades-serial-client-0.93/unixware-dev.c:266:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((sfd = open (P_sname, O_RDWR|O_NOCTTY)) == -1) {
data/cyclades-serial-client-0.93/unixware-dev.c:1002:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbuf[64];
data/cyclades-serial-client-0.93/unixware-dev.c:1136:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ioctlbuf[32];
data/cyclades-serial-client-0.93/linux-dev.c:371:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((retc = read (P_mfd, Holdbuf, 1)) == -1) {
data/cyclades-serial-client-0.93/linux-dev.c:419:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((retc = read (P_mfd, Databuf, size)) == -1) {
data/cyclades-serial-client-0.93/linux-dev.c:683:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read (procfd, procbuf, 512) <= 0) {
data/cyclades-serial-client-0.93/sco-dev.c:317:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((retc = read (P_mfd, Holdbuf, 1)) == -1) {
data/cyclades-serial-client-0.93/sco-dev.c:366:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((retc = read (P_mfd, Databuf, size)) == -1) {
data/cyclades-serial-client-0.93/sco-dev.c:635:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (fd, (char *) &procid, sizeof (short)) <= 0) {
data/cyclades-serial-client-0.93/solaris-dev.c:405:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((retc = read (P_mfd, Holdbuf, 1)) == -1) {
data/cyclades-serial-client-0.93/solaris-dev.c:555:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((retc = read (P_mfd, Databuf, size)) == -1) {
data/cyclades-serial-client-0.93/solaris-dev.c:1115:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read (procfd, procbuf, 512) <= 0) {
data/cyclades-serial-client-0.93/system.c:62:9: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
(void) umask(0); /* File creation mask */
data/cyclades-serial-client-0.93/tbr1.c:17:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
write (1, buf, strlen(buf));

ANALYSIS SUMMARY:

Hits = 367
Lines analyzed = 12143 in approximately 0.29 seconds (41418 lines/second)
Physical Source Lines of Code (SLOC) = 9521
Hits@level = [0] 30 [1] 11 [2] 184 [3] 1 [4] 171 [5] 0
Hits@level+ = [0+] 397 [1+] 367 [2+] 356 [3+] 172 [4+] 171 [5+] 0
Hits/KSLOC@level+ = [0+] 41.6973 [1+] 38.5464 [2+] 37.391 [3+] 18.0653 [4+] 17.9603 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.