Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/d-itg-2.8.1-r1023/src/ITGManager/ITGManager.h
Examining data/d-itg-2.8.1-r1023/src/ITGManager/ITGManager.cpp
Examining data/d-itg-2.8.1-r1023/src/common/serial.h
Examining data/d-itg-2.8.1-r1023/src/common/thread.h
Examining data/d-itg-2.8.1-r1023/src/common/pipes.h
Examining data/d-itg-2.8.1-r1023/src/common/ITG.cpp
Examining data/d-itg-2.8.1-r1023/src/common/ITG.h
Examining data/d-itg-2.8.1-r1023/src/common/crypto.h
Examining data/d-itg-2.8.1-r1023/src/common/timestamp.cpp
Examining data/d-itg-2.8.1-r1023/src/common/serial.cpp
Examining data/d-itg-2.8.1-r1023/src/common/pipes.cpp
Examining data/d-itg-2.8.1-r1023/src/common/timestamp.h
Examining data/d-itg-2.8.1-r1023/src/common/crypto.cpp
Examining data/d-itg-2.8.1-r1023/src/common/debug.h
Examining data/d-itg-2.8.1-r1023/src/common/thread.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGRecv/data.h
Examining data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.h
Examining data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/newran2.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/newran1.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/include.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryurng.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/myexcept.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/myexcept.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryrand6.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryrand3.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/extreal.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/extreal.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryrand1.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/format.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryurng.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/simpstr.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/test_out.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/nr_ex.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/test_lg.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryurng1.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/test_out.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/simpstr.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryrand.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/geturng.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryrand4.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryrand.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryrand2.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/tryrand5.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/format.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/array.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/utility.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/utility.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/newran/newran.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h
Examining data/d-itg-2.8.1-r1023/src/ITGSend/traffic.h
Examining data/d-itg-2.8.1-r1023/src/ITGLog/channel.h
Examining data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.h
Examining data/d-itg-2.8.1-r1023/src/ITGLog/channel.cpp
Examining data/d-itg-2.8.1-r1023/src/libITG/ITGapi.h
Examining data/d-itg-2.8.1-r1023/src/libITG/ITGapi.cpp
Examining data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp
FINAL RESULTS:
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:415:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(delayfpname, argv[1]);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:416:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(jitterfpname, argv[1]);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:692:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:704:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:716:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:728:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:753:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(strappo, memFile[i].FileNWE);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:755:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strappo, userstring);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1171:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nameFileLog, flowIdString);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1173:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nameFileLog, (*infos).srcAddr);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1175:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nameFileLog, (*infos).destAddr);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1176:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer1, buffer2);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1191:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(memFile[i].FileName, buffer2);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1192:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(memFile[i].FileNWE, buffer1);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1232:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1242:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1252:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1262:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1557:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1558:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempfilename, extension);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1567:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(colname, memFile[i].srcAddr);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1569:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(colname, memFile[i].destAddr);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1634:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1643:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1652:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1661:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempfilename, memFile[i].FileName);
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:143:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, signalingLog.logFile);
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:180:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tail,"Error into open this file : %s",logFile);
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:185:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(memLogFile[i].logFile, logFile);
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:301:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, DEFAULT_LOG_FILE);
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:451:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tail, "Unknow option : %s", argv[0]);
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:469:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tail, "Unknow option : %s", argv[0]);
data/d-itg-2.8.1-r1023/src/ITGManager/ITGManager.cpp:90:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(host, argv[1]);
data/d-itg-2.8.1-r1023/src/ITGManager/ITGManager.cpp:92:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
for (i=2;i<argc;i++) strcat(strcat(command, " "), argv[i]);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:204:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(addr6, "%s:%s:%s:%s:%s:%s:%s:%s",
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:325:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tail, "Error into open this file : %s", logFile);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:331:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(memLogFile[i].logFile, logFile);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:876:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, DEFAULT_LOG_FILE);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:924:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(signal.logFile, logFile);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1065:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, fileName);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2016:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifaceBind, argv[1]);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2026:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, argv[1]);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2030:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, DEFAULT_LOG_FILE);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2099:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SigInterface, argv[1]);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2229:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tail, "Error into open this file : %s", logFile);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:285:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, line);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:289:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(parserParams[flowCount].line, temp);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:333:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(programName, argv[0]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:366:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, DefaultLogFile);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:367:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFileReceiver, DefaultRecvLogFile);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:403:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, DefaultLogFile);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:432:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, DefaultLogFile);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:436:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, argv[1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:542:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFileReceiver, argv[1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:550:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempS,argv[0]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:643:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ManagerMsg, para->line);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:658:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, DefaultLogFile);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:810:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(flows[id].iface, argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:830:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(flows[id].serialReceiver, argv[h+1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:837:50: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1152:50: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"),
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1161:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, DefaultLogFile);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1165:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFile, argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1178:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFileReceiver, argv[h+1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1489:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(flows[id].payloadFile,argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1542:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(flows[id].pktSizeFile,argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1580:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(flows[id].timeFile ,argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1616:50: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"),
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1657:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName,
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1690:51: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1698:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(flows[id].SigInterface, argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1707:50: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1715:49: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
ReportErrorAndExit("General parser", strcat(strcat(strcpy(temp,
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1765:49: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
ReportErrorAndExit("General parser", strcat(strcat(strcpy(temp, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2796:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newAddr,oldAddr);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4416:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, argv[i]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4519:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(signal.logFile, logFile);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/myexcept.cpp:78:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (l < r) { strcpy(what_error+SoFar, a_what); SoFar += l; }
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:143:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(codec, argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:181:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strcpy(tail, "Unknown option "), argv[0]),
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:188:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strcat(strcpy(temp, "What is "), argv[0]), " ?"),
data/d-itg-2.8.1-r1023/src/common/ITG.h:452:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infos->srcAddr, SrcHost);
data/d-itg-2.8.1-r1023/src/common/ITG.h:458:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infos->destAddr, DestHost);
data/d-itg-2.8.1-r1023/src/common/ITG.h:494:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infos->srcAddr, SrcHost);
data/d-itg-2.8.1-r1023/src/common/ITG.h:500:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infos->destAddr, DestHost);
data/d-itg-2.8.1-r1023/src/common/ITG.h:537:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infos->srcAddr, SrcHost);
data/d-itg-2.8.1-r1023/src/common/ITG.h:543:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infos->destAddr, DestHost);
data/d-itg-2.8.1-r1023/src/common/debug.h:35:52: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINTD(level, ...) if (DEBUG >= level) { printf(__VA_ARGS__); fflush(stdout); }
data/d-itg-2.8.1-r1023/src/common/debug.h:42:71: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINTDS(level, ...) if (DEBUG >= level) { usleep(1000); printf(__VA_ARGS__); fflush(stdout); }
data/d-itg-2.8.1-r1023/src/common/debug.h:45:70: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINTDS(level, ...) if (DEBUG >= level) { Sleep(1000); printf(__VA_ARGS__); fflush(stdout); }
data/d-itg-2.8.1-r1023/src/common/pipes.cpp:126:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pipename, nameProgram);
data/d-itg-2.8.1-r1023/src/common/pipes.cpp:128:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pipename, stringa);
data/d-itg-2.8.1-r1023/src/common/serial.cpp:94:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stringa, nameSerial);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2591:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(start_time.tv_sec);
data/d-itg-2.8.1-r1023/src/common/timestamp.cpp:58:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(tv.tv_usec);
data/d-itg-2.8.1-r1023/src/common/timestamp.cpp:66:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(lpSystemTime.wSecond);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:55:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char address[ADDRESSLEN];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileName[fileNameSize];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileNWE[fileNameSize];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:139:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char senderlogname[fileNameSize];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:141:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bitratefile[fileNameSize] = "bitrate.dat";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:142:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jitterfile[fileNameSize] = "jitter.dat";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:143:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pktlossfile[fileNameSize] = "packetloss.dat";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:144:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delayfile[fileNameSize] = "delay.dat";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:145:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char combinedstatsfile[fileNameSize] = "combined_stats.dat";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loginname[fileNameSize];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userstring[10];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logoutname[fileNameSize];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char octavename[fileNameSize];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delayfpname[fileNameSize];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jitterfpname[fileNameSize];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:405:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(delayfpname, "eachdelay");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:406:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(jitterfpname, "eachjitter");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:408:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(delayfpname, ".dat");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:409:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(jitterfpname, ".dat");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:417:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(delayfpname, ".dat");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:418:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(jitterfpname, ".dat");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:426:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(userstring, "log");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:462:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flownumsel = atoi(argv[1]);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:496:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
intxt = fopen(loginname, "rb");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:509:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
intxt = fopen(loginname, "r");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:520:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outtxt = fopen(logoutname, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:527:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outbin.open(logoutname, ios::out | ios::binary | ios::trunc);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:536:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((octavefpout = fopen(octavename, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:548:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((delayfpout = fopen(delayfpname, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:553:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((jitterfpout = fopen(jitterfpname, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:616:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((*infos).srcAddr, "127.0.0.1");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:617:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((*infos).destAddr, "127.0.0.1");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:671:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempfilename[fileNameSize] = "";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:693:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tempfilename, ".bit");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:705:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tempfilename, ".jit");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:717:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tempfilename, ".del");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:729:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tempfilename, ".pkt");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:751:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strappo[230];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:756:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(strappo, ".dat");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:927:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sendlog.open(senderlogname, ios::in | ios::binary);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer1[fileNameSize] = "";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[fileNameSize] = "";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flowIdString[33];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1170:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(flowIdString, "%u", (*infos).flowId);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1177:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nameFileLog, ".dat");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1179:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
memFile[i].FileId.open(buffer2, ios::out | ios::binary | ios::trunc);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfilename[fileNameSize];
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1233:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outfilename, ".bit");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1234:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfilebit = fopen(outfilename, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1243:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outfilename, ".jit");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1244:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfilejit = fopen(outfilename, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1253:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outfilename, ".del");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1254:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfiledel = fopen(outfilename, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1263:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outfilename, ".pkt");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1264:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfilepkt = fopen(outfilename, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1274:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inputfilec = fopen(memFile[i].FileName, "rb");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension[5] = "";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colname[fileNameSize] = "";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1520:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(extension, ".bit\0");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1521:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpout = fopen(bitratefile, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1528:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(extension, ".jit\0");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1529:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpout = fopen(jitterfile, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1536:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(extension, ".del\0");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1537:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpout = fopen(delayfile, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1544:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(extension, ".pkt\0");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1545:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpout = fopen(pktlossfile, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1556:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempfilename[fileNameSize] = "";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1559:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((memFile[i].tempfile = fopen(tempfilename, "r")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1565:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(colname, "%u", memFile[i].flowId);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1624:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempfilename[fileNameSize] = "";
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1626:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpout = fopen(combinedstatsfile, "w")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1635:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tempfilename, ".bit\0");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1636:34: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((memFile[i].tempfile_bit = fopen(tempfilename, "r")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1644:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tempfilename, ".del\0");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1645:34: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((memFile[i].tempfile_del = fopen(tempfilename, "r")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1653:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tempfilename, ".jit\0");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1654:34: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((memFile[i].tempfile_jit = fopen(tempfilename, "r")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1662:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tempfilename, ".pkt\0");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1663:34: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((memFile[i].tempfile_pkt = fopen(tempfilename, "r")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logFile[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:125:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void recvInfo(int signalingChannel, BYTE &protocol, char logFile[DIM_LOG_FILE])
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:152:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *allowedLogFile(char logFile[DIM_LOG_FILE])
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:152:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *allowedLogFile(char logFile[DIM_LOG_FILE])
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:173:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
memLogFile[i].out.open(logFile, ios::out | ios::binary | ios::trunc);
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:300:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logFile[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:440:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
logbuffer_size = atoi(argv[1]);
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:553:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostName[50];
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:555:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostIP[20];
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.h:85:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void recvInfo(int signalingChannel,BYTE &protocol,char logFile[DIM_LOG_FILE]);
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.h:91:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* allowedLogFile(char logFile[DIM_LOG_FILE]);
data/d-itg-2.8.1-r1023/src/ITGLog/channel.cpp:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostName[50];
data/d-itg-2.8.1-r1023/src/ITGLog/channel.cpp:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostIP[20];
data/d-itg-2.8.1-r1023/src/ITGLog/channel.cpp:291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostName[50];
data/d-itg-2.8.1-r1023/src/ITGLog/channel.cpp:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostIP[20];
data/d-itg-2.8.1-r1023/src/ITGLog/channel.cpp:321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[100];
data/d-itg-2.8.1-r1023/src/ITGLog/channel.cpp:351:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg, &net_port, sizeof(int));
data/d-itg-2.8.1-r1023/src/ITGManager/ITGManager.cpp:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[10000];
data/d-itg-2.8.1-r1023/src/ITGManager/ITGManager.cpp:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[10000] = "";
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:92:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logFile[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr6p[8][5];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr6[40], devname[20];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:199:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen("/proc/net/if_inet6", "r")) != NULL) {
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:291:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *allowedLogFile(char logFile[DIM_LOG_FILE])
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:291:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *allowedLogFile(char logFile[DIM_LOG_FILE])
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:316:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
memLogFile[i].out.open(logFile, ios::out | ios::binary | ios::trunc);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:387:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[sizeof(BYTE) + sizeof(int) + sizeof(uint16_t)];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:431:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:437:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameFileLog[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:900:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void createSignalingLogChannel(struct addrinfo logHost, char logFile[DIM_LOG_FILE],
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:906:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:945:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void createRemoteLogFile(struct addrinfo &logHost, char logFile[DIM_LOG_FILE],
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:951:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeMsg];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1006:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeMsg];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1059:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &((struct sockaddr_in6 *) logHost.ai_addr)->sin6_addr,
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1070:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void recvNameLog(char nameFile[DIM_LOG_FILE], int newSockSignaling)
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1077:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeMsg];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1248:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_MSG_SIZE];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1257:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serialReceiver[DIM_NAME_SERIAL_INTERFACE];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1264:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trash[INET6_ADDRSTRLEN + 1];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1365:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&destAddr->sin6_addr, ptrIP, 4 * sizeof(in_addr_t));
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1396:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(paraThread[flowPosition].destHost.ai_addr,passiveSender->ai_addr,passiveSender->ai_addrlen);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1402:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&destAddr->sin6_addr, &((struct sockaddr_in6 *)passiveSender->ai_addr)->sin6_addr, 4 * sizeof(in_addr_t));
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1543:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(paraThread[flowPosition].destHost.ai_addr,globalBindAddr->ai_addr,globalBindAddr->ai_addrlen);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1548:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &((struct sockaddr_in6 *)paraThread[flowPosition].destHost.ai_addr)->sin6_addr,
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1640:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeMsg];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1673:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((size = sendto(logSock, (char *) paraThread[k].addressInfos, paraThread[k].count * sizeof(struct info), 0, logHost->ai_addr, logHost->ai_addrlen)) < 0)
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1813:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeMsg];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1924:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeMsg];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2006:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
logbuffer_size = atoi(argv[1]);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2055:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
defaultLogPortSignaling = atoi(&argv[1][2]);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2090:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
defaultPortSignaling = atoi(argv[1]);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2124:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp=atoi(argv[1]);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2220:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out.open(logFile, ios::out | ios::binary | ios::trunc);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2306:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tail,
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2333:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tail,
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.h:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[DIM_NAME_SERIAL_INTERFACE];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.h:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logFile[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.h:125:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char logFile[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.h:206:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void createRemoteLogFile(struct addrinfo &logHost, char logFile[DIM_LOG_FILE], BYTE protocolLog, int & logSockSignaling, int & logSock);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.h:210:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void createSignalingLogChannel(struct addrinfo logHost, char logFile[DIM_LOG_FILE], BYTE protocolLog, int & logSockSignaling);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.h:236:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void recvNameLog(char nameFile[DIM_LOG_FILE],int newSockSignaling);
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:71:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[MAX_PAYLOAD_SIZE + 32];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:73:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char payload[MAX_PAYLOAD_SIZE];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpSrcAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpDstAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:225:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&payload, ptr, size_r);
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:345:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char payload[MAX_PAYLOAD_SIZE];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:564:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpSrcAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:565:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpDstAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:747:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char payload[MAX_PAYLOAD_SIZE];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:994:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpSrcAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:995:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpDstAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:1174:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char payload[MAX_PAYLOAD_SIZE];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:1342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpSrcAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:1343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpDstAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:1476:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char payload[MAX_PAYLOAD_SIZE];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:1564:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpSrcAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:1565:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpDstAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:90:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logFile[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:105:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logFileReceiver[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:113:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char globalSigAddr[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_FLOW_LINE_SIZE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAX_SCRIPT_LINE_SIZE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SCRIPT_LINE_SIZE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:267:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((batch = fopen(argv[0], "r")) == NULL) {
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:424:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
logbuffer_size = atoi(argv[1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:548:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempS[sizeof("Option ") + sizeof(argv[0][1])+sizeof(" can not be used as a global option in the multy flow mode !")];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:549:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tempS,"Option ");
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:551:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tempS, " can not be used as a global option in the multy flow mode !");
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[200];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:583:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[30];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:611:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(flows[id].serialReceiver,"noSerial");
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:718:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flows[id].payloadLogType = atoi(argv[h+1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:822:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SET_PORT(flows[id].DestHost, htons(atoi(argv[h + 1])));
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:836:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempS[sizeof("What is ?") + sizeof(argv[h])];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:837:43: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:837:57: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:845:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(flows[id].serialReceiver,"noSerial");if ((tail == argv[h + 1]) || (temp < 0) || (temp > 255))
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:907:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flows[id].mean_adjustment = atoi(argv[h+1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1034:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flows[id].icmptype = atoi(argv[h + 2]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1057:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sctpId = atoi(argv[h + 2]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1063:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sctpStreams = atoi(argv[h + 3]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1111:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SET_PORT(flows[id].SrcHost, htons(atoi(argv[h + 1])));
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1121:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(flows[id].serialReceiver, "noSerial");
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1151:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempS[sizeof("What is ?") + sizeof(argv[h])];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1152:43: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"),
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1152:57: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"),
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1188:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
logbuffer_size = atoi(argv[h+1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1332:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((argc < 2) || (atoi(argv[h + 1]) < 1))
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1338:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flows[id].PktSize = new SumRandom(atoi(argv[h + 1]) * (*ConstantRV));
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1343:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((argc < 3) || (atoi(argv[h + 1]) < 1)
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1344:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
|| (atoi(argv[h + 2]) <= atoi(argv[h + 1])))
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1344:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
|| (atoi(argv[h + 2]) <= atoi(argv[h + 1])))
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1349:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b = atoi(argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1350:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a = atoi(argv[h + 2]) - b;
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1357:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((argc < 2) || (atoi(argv[h + 1]) < 1))
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1363:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flows[id].PktSize = new SumRandom(atoi(argv[h + 1]) * (*ExponentialRV));
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1382:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((argc < 3) || (atoi(argv[h + 2]) <= 0))
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1387:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b = (Real) atoi(argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1388:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a = (Real) atoi(argv[h + 2]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1400:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b = (Real) atoi(argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1401:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a = (Real) atoi(argv[h + 2]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1408:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((argc < 2) || (atoi(argv[h + 1]) < 0))
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1411:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a = atoi(argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1512:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ptrFile = fopen(flows[id].payloadFile,"r");
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1546:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ptrFile = fopen(flows[id].pktSizeFile,"r");
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1561:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((atoi(line) <= 0) || (atoi(line) > DIM_MAX_IP_PACKET)){
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1561:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((atoi(line) <= 0) || (atoi(line) > DIM_MAX_IP_PACKET)){
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1565:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpInt=atoi(line);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1584:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ptrFile = fopen(flows[id].timeFile,"r");
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1615:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempS[sizeof("What is ?") + sizeof(argv[h])];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1616:43: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"),
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1616:57: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"),
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1648:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tmp = atoi(argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1655:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempS[sizeof("What is ?") + sizeof(argv[h])];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1657:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName,
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1657:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName,
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1682:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tmp=atoi(argv[h + 1]);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1689:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempS[sizeof("What is ?") + sizeof(argv[h])];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1690:44: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1690:58: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1706:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempS[sizeof("What is ?") + sizeof(argv[h])];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1707:43: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1707:57: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(tempS, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1714:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[sizeof("What is ?") + sizeof(argv[h])];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1715:42: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(temp,
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1715:56: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(temp,
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1764:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[sizeof("What is ?") + sizeof(argv[h])];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1765:42: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(temp, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1765:56: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
ReportErrorAndExit("General parser", strcat(strcat(strcpy(temp, "What is "), argv[h]), " ?"), programName, id);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2442:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dotIpV4[INET_ADDRSTRLEN] = "0.0.0.0";
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dotIpV6[INET6_ADDRSTRLEN] = "::";
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2446:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char payload[MAX_PAYLOAD_SIZE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2471:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpSrcAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2472:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HelpDstAddress[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2612:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload, &net_id, sizeof(net_id));
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2787:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldAddr[INET_ADDRSTRLEN+1];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2788:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newAddr[INET6_ADDRSTRLEN+1];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2795:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(newAddr,"::ffff:");
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2803:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2863:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out.open(logFile, ios::out | ios::binary | ios::trunc);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3159:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptrSeqNum, &net_seqNum, sizeof(net_seqNum));
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3160:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptrTimeSec, &net_TimeSec, sizeof(net_TimeSec));
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3161:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptrTimeUsec, &net_TimeUsec, sizeof(net_TimeUsec));
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3163:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptrSeqNum, &net_seqNum, sizeof(net_seqNum));
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3169:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptrSize, &net_size, sizeof(net_size));
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3180:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptrToTruePayload, (void *) ((long int) flows[id].ptrPayloadBuffer + indexBuffer),
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3191:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptrToTruePayload, (void *) ((long int) flows[id].ptrPayloadBuffer + indexBuffer),
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3208:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pkt.packet, payload, size);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3218:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pkt.packet, payload, size);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3393:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
size_r = TCPrecvPacket((unsigned char *) payload, sock,
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3397:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
size_r = SCTPrecvPacket((unsigned char *) payload, sock, sctpId,
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3518:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCPrecvPacket((unsigned char *) payload, sock, flows[id].minPayloadSize,
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3522:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SCTPrecvPacket((unsigned char *) payload, sock, sctpId, flows[id].minPayloadSize,
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4061:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Messaggio[DIM_LOG_FILE + sizeof(BYTE)];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Messaggio[DIM_LOG_FILE + 20];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Messaggio[sizeMessag];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Messaggio[sizeMessag];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Messaggio[sizeMessag];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Messaggio[100];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4410:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void argvToString(char *argv[], int argc, char line[200])
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4507:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serialReceiver[DIM_NAME_SERIAL_INTERFACE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payloadFile[DIM_PAYLOAD_FILE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pktSizeFile[DIM_NOME_FILE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeFile[DIM_NOME_FILE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_FLOW_LINE_SIZE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packet[MAX_PAYLOAD_SIZE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packet[MAX_PAYLOAD_SIZE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h:183:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char logFile[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h:197:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char LogFileServerLogReceiver[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.h:242:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void argvToString(char *argv[], int argc, char line[200]);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/newran1.cpp:184:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifstream in; in.open((Dir+"lgm_mix.txt").c_str(), ios::in);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/newran1.cpp:222:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifstream in; in.open((Dir+"lgm_mix.txt").c_str(), ios::in);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/newran1.cpp:289:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifstream in; in.open((Dir+"lgm_mix.txt").c_str(), ios::in);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/newran1.cpp:439:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifstream in; in.open((Dir+"lgm_mix.txt").c_str(), ios::in);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/newran1.cpp:543:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifstream in; in.open((Dir+"lgm_mix.txt").c_str(), ios::in);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/newran1.cpp:701:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifstream in; in.open((Dir+"lgm_mix.txt").c_str(), ios::in);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/newran1.cpp:812:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifstream in; in.open((Dir+"lgm_mix.txt").c_str(), ios::in);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:229:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->s, oldp->s, sz); oldp->Drop(); px = p;
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:370:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
char* target = p->s; memcpy(target, oldp->s, pos);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:372:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target, oldp->s + pos, sz-pos);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:411:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
char* target = p->s; memcpy(target, oldp->s, pos);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:412:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
target += pos; memcpy(target, oldp->s+pos+xlen, sz-pos);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:439:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
char* target = p->s; memcpy(target, oldp->s, pos);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:441:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target, oldp->s+pos+xlen, sz-pos);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:468:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, p->s+pos, rlen); return rlen;
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:790:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:1049:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, x, sz);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:1055:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, x, sz);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:1062:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, x, len); memset(s+len, c, n-len);
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codec[10];
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:106:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(codec, "G.711.1");
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:123:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(codec, "G.711");
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:128:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(codec, "G.711");
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:133:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(codec, "G.729");
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:138:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(codec, "G.729");
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:181:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcat(strcpy(tail, "Unknown option "), argv[0]),
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:186:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[sizeof("What is ?") + sizeof(argv[h])];
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:188:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(strcat(strcpy(temp, "What is "), argv[0]), " ?"),
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:188:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcat(strcat(strcpy(temp, "What is "), argv[0]), " ?"),
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:357:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*OnPeriod = new SumRandom(atoi(argv[h + 1]) * (*ConstantRV));
data/d-itg-2.8.1-r1023/src/ITGSend/traffic.cpp:483:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*OffPeriod = new SumRandom(atoi(argv[h + 1]) * (*ConstantRV));
data/d-itg-2.8.1-r1023/src/common/ITG.cpp:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char programName[100];
data/d-itg-2.8.1-r1023/src/common/ITG.cpp:41:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DEFAULT_LOG_IP[10] = "127.0.0.1";
data/d-itg-2.8.1-r1023/src/common/ITG.cpp:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(startPos, data, size);
data/d-itg-2.8.1-r1023/src/common/ITG.cpp:133:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!strcasecmp(s, (char *) meters[i]))
data/d-itg-2.8.1-r1023/src/common/ITG.cpp:144:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!strcasecmp(s, (char *) l4Protocols[i]))
data/d-itg-2.8.1-r1023/src/common/ITG.cpp:155:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!strcasecmp(s, (char *) l7Protocols[i]))
data/d-itg-2.8.1-r1023/src/common/ITG.h:323:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char programName[100];
data/d-itg-2.8.1-r1023/src/common/ITG.h:324:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char DEFAULT_LOG_IP[10];
data/d-itg-2.8.1-r1023/src/common/ITG.h:333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logFile[DIM_LOG_FILE];
data/d-itg-2.8.1-r1023/src/common/ITG.h:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcAddr[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/common/ITG.h:349:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char destAddr[INET6_ADDRSTRLEN];
data/d-itg-2.8.1-r1023/src/common/ITG.h:408:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *allowedLogFile(char logFile[DIM_LOG_FILE]);
data/d-itg-2.8.1-r1023/src/common/ITG.h:408:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *allowedLogFile(char logFile[DIM_LOG_FILE]);
data/d-itg-2.8.1-r1023/src/common/ITG.h:611:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[MAX_PAYLOAD_SIZE];
data/d-itg-2.8.1-r1023/src/common/ITG.h:673:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr_payload, buffer, size_l);
data/d-itg-2.8.1-r1023/src/common/ITG.h:758:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[MAX_PAYLOAD_SIZE];
data/d-itg-2.8.1-r1023/src/common/ITG.h:813:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr_payload, ptr, size_l);
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:39:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keyReceiver1 = fopen("KeyReceiverPubblica", "w");
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:40:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keyReceiver2 = fopen("KeyReceiverPrivata", "w");
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:51:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
KeySender1 = fopen("KeySenderPubblica", "w");
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:52:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
KeySender2 = fopen("KeySenderPrivata", "w");
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:67:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Messaggio[256];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:68:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MessaggioCodificato[256];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:69:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MessaggioCodificato2[256];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:71:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MessaggioOriginale2[256];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:72:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[3000];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:77:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keyReceiver = fopen("KeyReceiverPubblica", "r");
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:97:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keysender = fopen("KeySenderPrivata", "r");
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:117:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Messaggio[256];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:118:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MessaggioCodificato2[256];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:119:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MessaggioCodificato[256];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:120:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MessaggioDecodificato[256];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:121:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MessaggioOriginale[256];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:122:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[1000];
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:130:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keyreceiver=fopen("KeyReceiverPrivata","r");
data/d-itg-2.8.1-r1023/src/common/crypto.cpp:139:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keysender=fopen("KeySenderPubblica","r");
data/d-itg-2.8.1-r1023/src/common/pipes.cpp:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pipename[30];
data/d-itg-2.8.1-r1023/src/common/pipes.cpp:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringa[30];
data/d-itg-2.8.1-r1023/src/common/pipes.cpp:125:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pipename,"\\\\.\\pipe\\");
data/d-itg-2.8.1-r1023/src/common/pipes.cpp:127:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stringa, "%d", num);
data/d-itg-2.8.1-r1023/src/common/serial.cpp:96:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(stringa, O_RDWR | O_NOCTTY);
data/d-itg-2.8.1-r1023/src/common/thread.cpp:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameMutex[30] = "";
data/d-itg-2.8.1-r1023/src/libITG/ITGapi.cpp:117:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &Sender.sin_addr, host->h_addr, host->h_length);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:209:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(loginname, argv[1], fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:238:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(delayfile, argv[0], fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:260:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bitratefile, argv[0], fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:282:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(jitterfile, argv[0], fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:304:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pktlossfile, argv[0], fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:333:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(combinedstatsfile, argv[0], fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:378:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(logoutname, argv[1], fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:390:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(senderlogname, argv[1], fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:396:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(logoutname, argv[0], fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:400:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(logoutname, "reconstructed.dat", fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:413:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(delayfpname, "_");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:414:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(jitterfpname, "_");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:430:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(userstring, argv[1], 10);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:446:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(octavename, argv[1], fileNameSize);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:754:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(strappo, ".");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:934:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sendlog.read((char *) infos_loc, sizeof(struct info));
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1047:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flowinfo[0].srcaddress, (*infos).srcAddr, ADDRESSLEN);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1049:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flowinfo[0].destaddress, (*infos).destAddr, ADDRESSLEN);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1128:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flowinfo[flownum - 1].srcaddress, (*infos).srcAddr, ADDRESSLEN);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1130:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flowinfo[flownum - 1].destaddress, (*infos).destAddr, ADDRESSLEN);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1172:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nameFileLog, "-");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1174:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nameFileLog, "-");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1189:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(memFile[i].srcAddr, (*infos).srcAddr, ADDRESSLEN);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1190:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(memFile[i].destAddr, (*infos).destAddr, ADDRESSLEN);
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1231:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outfilename, "");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1241:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outfilename, "");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1251:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outfilename, "");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1261:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(outfilename, "");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1566:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(colname, "-");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1568:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(colname, "-");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1571:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(colname, "");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1633:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tempfilename, "");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1642:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tempfilename, "");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1651:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tempfilename, "");
data/d-itg-2.8.1-r1023/src/ITGDec/ITGDecod.cpp:1660:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tempfilename, "");
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:91:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (getchar() != 'C') {}
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:205:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(memLogFile[i].logFile, " ");
data/d-itg-2.8.1-r1023/src/ITGLog/ITGLog.cpp:512:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(memLogFile[i].logFile, " ");
data/d-itg-2.8.1-r1023/src/ITGManager/ITGManager.cpp:92:30: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i=2;i<argc;i++) strcat(strcat(command, " "), argv[i]);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:155:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (getchar() != 'C') {}
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:200:10: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
while (fscanf(f, "%4s%4s%4s%4s%4s%4s%4s%4s %02x %02x %02x %02x %20s\n",
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:357:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(memLogFile[i].logFile, " ");
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1085:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nameFile, buffer, size_r);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:1484:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(paraThread[flowPosition].serial, serialReceiver, DIM_NAME_SERIAL_INTERFACE);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2015:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ifaceBind = (char*) malloc(strlen(argv[1]) + 1);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2098:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SigInterface = (char*)malloc(strlen(argv[1]) + 1);
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2192:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(memLogFile[i].logFile, " ");
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2316:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(sockSignaling, SOL_SOCKET, SO_BINDTODEVICE, SigInterface, strlen(SigInterface)) < 0) {
data/d-itg-2.8.1-r1023/src/ITGRecv/ITGRecv.cpp:2378:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(sockSignaling, SOL_SOCKET, SO_BINDTODEVICE, SigInterface, strlen(SigInterface)) < 0) {
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:155:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, paraThread->iface, strlen(paraThread->iface)) < 0) {
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:536:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, paraThread->iface, strlen(paraThread->iface)) < 0) {
data/d-itg-2.8.1-r1023/src/ITGRecv/data.cpp:839:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, paraThread->iface, strlen(paraThread->iface)) < 0) {
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:158:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (getchar() != 'C'){}
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:215:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(parserParams[flowCount].line, buffer, MAX_FLOW_LINE_SIZE-3);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:633:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (para->line[strlen(para->line) - 1] == '\n') {
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:634:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
para->line[strlen(para->line) - 1] = '\0';
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:642:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ManagerMsg = (char *) malloc(sizeof(char) * strlen(para->line) + sizeof(int) * 2);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:809:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flows[id].iface = (char*)malloc(strlen(argv[h + 1]) + 1);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1103:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[h]) == 2) {
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1697:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flows[id].SigInterface = (char*)malloc(strlen(argv[h + 1]) + 1);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:1959:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(ManagerMsg);
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:2847:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, iface, strlen(iface)) < 0) {
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:3886:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(signalSock, SOL_SOCKET, SO_BINDTODEVICE, Interface, strlen(Interface)) < 0) {
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4414:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(line, "^");
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4417:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(line, "^");
data/d-itg-2.8.1-r1023/src/ITGSend/ITGSend.cpp:4421:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(line, "\n");
data/d-itg-2.8.1-r1023/src/ITGSend/newran/format.cpp:45:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ f.StringPrint(os, value, strlen(value)); return *this; }
data/d-itg-2.8.1-r1023/src/ITGSend/newran/myexcept.cpp:77:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(a_what); int r = LastOne - SoFar;
data/d-itg-2.8.1-r1023/src/ITGSend/newran/myexcept.cpp:81:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(what_error+SoFar, a_what, r);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:86:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint sz = strlen(s);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:112:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) == 0) px = ASN;
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:1047:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(x);
data/d-itg-2.8.1-r1023/src/ITGSend/newran/str.cpp:1088:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CharSeq::CharSeq(char* S) : sz(strlen(S)), s(S) {}
data/d-itg-2.8.1-r1023/src/common/debug.h:42:57: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define PRINTDS(level, ...) if (DEBUG >= level) { usleep(1000); printf(__VA_ARGS__); fflush(stdout); }
data/d-itg-2.8.1-r1023/src/common/pipes.cpp:49:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd[0], msg, sizeof(pipeMsg));
data/d-itg-2.8.1-r1023/src/common/pipes.cpp:97:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (ReadFile(pipe[2], msg, sizeof(pipeMsg) , &read , NULL) == 0) {
data/d-itg-2.8.1-r1023/src/common/pipes.cpp:98:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf("Error reading from pipe, with read = %ld\n", read);
data/d-itg-2.8.1-r1023/src/common/pipes.cpp:103:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != sizeof(pipeMsg)) {
data/d-itg-2.8.1-r1023/src/libITG/ITGapi.cpp:119:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sendto(socket_r, message, strlen(message), 0, (struct sockaddr *) &Sender, sizeof(Sender)) != (int) strlen(message))
data/d-itg-2.8.1-r1023/src/libITG/ITGapi.cpp:119:114: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sendto(socket_r, message, strlen(message), 0, (struct sockaddr *) &Sender, sizeof(Sender)) != (int) strlen(message))
data/d-itg-2.8.1-r1023/src/libITG/ITGapi.cpp:143:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*senderIP, inet_ntoa(Sender.sin_addr), 30);
ANALYSIS SUMMARY:
Hits = 524
Lines analyzed = 26410 in approximately 0.77 seconds (34277 lines/second)
Physical Source Lines of Code (SLOC) = 18862
Hits@level = [0] 461 [1] 81 [2] 347 [3] 3 [4] 93 [5] 0
Hits@level+ = [0+] 985 [1+] 524 [2+] 443 [3+] 96 [4+] 93 [5+] 0
Hits/KSLOC@level+ = [0+] 52.2214 [1+] 27.7807 [2+] 23.4864 [3+] 5.0896 [4+] 4.93055 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.