Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/dnsmasq-2.82/contrib/lease-tools/dhcp_lease_time.c Examining data/dnsmasq-2.82/contrib/lease-tools/dhcp_release.c Examining data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c Examining data/dnsmasq-2.82/src/arp.c Examining data/dnsmasq-2.82/src/auth.c Examining data/dnsmasq-2.82/src/blockdata.c Examining data/dnsmasq-2.82/src/bpf.c Examining data/dnsmasq-2.82/src/cache.c Examining data/dnsmasq-2.82/src/config.h Examining data/dnsmasq-2.82/src/conntrack.c Examining data/dnsmasq-2.82/src/crypto.c Examining data/dnsmasq-2.82/src/dbus.c Examining data/dnsmasq-2.82/src/dhcp-common.c Examining data/dnsmasq-2.82/src/dhcp-protocol.h Examining data/dnsmasq-2.82/src/dhcp.c Examining data/dnsmasq-2.82/src/dhcp6-protocol.h Examining data/dnsmasq-2.82/src/dhcp6.c Examining data/dnsmasq-2.82/src/dns-protocol.h Examining data/dnsmasq-2.82/src/dnsmasq.c Examining data/dnsmasq-2.82/src/dnsmasq.h Examining data/dnsmasq-2.82/src/dnssec.c Examining data/dnsmasq-2.82/src/domain.c Examining data/dnsmasq-2.82/src/dump.c Examining data/dnsmasq-2.82/src/edns0.c Examining data/dnsmasq-2.82/src/forward.c Examining data/dnsmasq-2.82/src/helper.c Examining data/dnsmasq-2.82/src/inotify.c Examining data/dnsmasq-2.82/src/ip6addr.h Examining data/dnsmasq-2.82/src/ipset.c Examining data/dnsmasq-2.82/src/lease.c Examining data/dnsmasq-2.82/src/log.c Examining data/dnsmasq-2.82/src/loop.c Examining data/dnsmasq-2.82/src/metrics.c Examining data/dnsmasq-2.82/src/metrics.h Examining data/dnsmasq-2.82/src/netlink.c Examining data/dnsmasq-2.82/src/network.c Examining data/dnsmasq-2.82/src/option.c Examining data/dnsmasq-2.82/src/outpacket.c Examining data/dnsmasq-2.82/src/poll.c Examining data/dnsmasq-2.82/src/radv-protocol.h Examining data/dnsmasq-2.82/src/radv.c Examining data/dnsmasq-2.82/src/rfc1035.c Examining data/dnsmasq-2.82/src/rfc2131.c 
Examining data/dnsmasq-2.82/src/rfc3315.c Examining data/dnsmasq-2.82/src/rrfilter.c Examining data/dnsmasq-2.82/src/slaac.c Examining data/dnsmasq-2.82/src/tables.c Examining data/dnsmasq-2.82/src/tftp.c Examining data/dnsmasq-2.82/src/ubus.c Examining data/dnsmasq-2.82/src/util.c FINAL RESULTS: data/dnsmasq-2.82/src/domain.c:201:8: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. strncat(name, ".", MAXDNAME); data/dnsmasq-2.82/src/domain.c:202:8: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. strncat(name, c->domain, MAXDNAME); data/dnsmasq-2.82/src/domain.c:239:8: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. strncat(name, ".", MAXDNAME); data/dnsmasq-2.82/src/domain.c:240:8: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. 
strncat(name, c->domain, MAXDNAME); data/dnsmasq-2.82/src/inotify.c:51:12: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. rc = readlink(path, buf, (size_t)size); data/dnsmasq-2.82/src/auth.c:221:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, cache_get_name(crecp)); data/dnsmasq-2.82/src/auth.c:233:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, zone->domain); data/dnsmasq-2.82/src/auth.c:545:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, candidate->target); data/dnsmasq-2.82/src/auth.c:549:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, zone->domain); data/dnsmasq-2.82/src/auth.c:763:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, a->target); data/dnsmasq-2.82/src/auth.c:767:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(name, zone->domain); data/dnsmasq-2.82/src/auth.c:799:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, cache_get_name(crecp)); data/dnsmasq-2.82/src/cache.c:632:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cache_get_name(new), name); data/dnsmasq-2.82/src/cache.c:1149:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cache->name.sname, canon); data/dnsmasq-2.82/src/cache.c:1151:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cache->name.sname, domain_suffix); data/dnsmasq-2.82/src/cache.c:1159:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cache->name.sname, canon); data/dnsmasq-2.82/src/cache.c:1772:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. p += sprintf(p, "%-40.40s %s%s%s%s%s%s%s%s%s ", a, t, data/dnsmasq-2.82/src/cache.c:1784:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. p += sprintf(p, "%s", cache->flags & F_IMMORTAL ? "\n" : ctime(&(cache->ttd))); data/dnsmasq-2.82/src/cache.c:1854:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buff, "%s[%s]", desc, types); data/dnsmasq-2.82/src/cache.c:1856:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buff, "%s[type=%d]", desc, type); data/dnsmasq-2.82/src/cache.c:1861:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buff, "<%s>", types); data/dnsmasq-2.82/src/cache.c:1883:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(daemon->addrbuff, arg, addr->log.keytag, addr->log.algo, addr->log.digest); data/dnsmasq-2.82/src/dbus.c:299:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str_domain, str); data/dnsmasq-2.82/src/dbus.c:361:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str_addr, str); data/dnsmasq-2.82/src/dbus.c:652:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(introspection_xml, introspection_xml_template, daemon->dbus_name); data/dnsmasq-2.82/src/dhcp-common.c:899:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p, "%s for %s", (context->flags & CONTEXT_OLD) ? "old prefix" : "constructed", ifrn_name); data/dnsmasq-2.82/src/dhcp-common.c:906:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p, "template for %s", context->template_interface); data/dnsmasq-2.82/src/dhcp-common.c:919:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(daemon->dhcp_buff, daemon->addrbuff); data/dnsmasq-2.82/src/dhcp-common.c:940:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(daemon->addrbuff, context->template_interface); data/dnsmasq-2.82/src/dhcp.c:524:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(daemon->dhcp_buff, inet_ntoa(context->start)); data/dnsmasq-2.82/src/dhcp.c:525:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(daemon->dhcp_buff2, inet_ntoa(context->end)); data/dnsmasq-2.82/src/dnssec.c:695:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(keyname, name); data/dnsmasq-2.82/src/dnssec.c:1677:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(keyname, &name[name_start]); data/dnsmasq-2.82/src/dnssec.c:1904:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(daemon->workspacename, keyname); data/dnsmasq-2.82/src/helper.c:272:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(daemon->dhcp_buff3, "%s%u", data.flags & LEASE_TA ? 
"T" : "", data.iaid); data/dnsmasq-2.82/src/helper.c:641:4: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(daemon->lease_change_command, data/dnsmasq-2.82/src/inotify.c:74:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_buf, path); data/dnsmasq-2.82/src/inotify.c:75:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(new_buf, buf); data/dnsmasq-2.82/src/inotify.c:105:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, res->name); data/dnsmasq-2.82/src/inotify.c:188:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, ah->fname); data/dnsmasq-2.82/src/inotify.c:190:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(path, ent->d_name); data/dnsmasq-2.82/src/inotify.c:253:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, ah->fname); data/dnsmasq-2.82/src/inotify.c:255:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(path, in->name); data/dnsmasq-2.82/src/ipset.c:177:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(req_adt_get.set.name, setname); data/dnsmasq-2.82/src/lease.c:158:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(daemon->dhcp_buff, daemon->lease_change_command); data/dnsmasq-2.82/src/lease.c:160:18: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. leasestream = popen(daemon->dhcp_buff, "r"); data/dnsmasq-2.82/src/lease.c:246:19: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (!(*errp) && vfprintf(daemon->lease_stream, format, ap) < 0) data/dnsmasq-2.82/src/lease.c:979:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_name, name); data/dnsmasq-2.82/src/lease.c:982:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_fqdn, name); data/dnsmasq-2.82/src/lease.c:984:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(new_fqdn, domain); data/dnsmasq-2.82/src/log.c:305:7: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, ap); data/dnsmasq-2.82/src/log.c:376:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. p += sprintf(p, "dnsmasq%s[%d]: ", func, (int)pid); data/dnsmasq-2.82/src/log.c:380:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len += vsnprintf(p, MAX_MESSAGE - len, format, ap) + 1; /* include zero-terminator */ data/dnsmasq-2.82/src/loop.c:74:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *)p, LOOP_TEST_DOMAIN); /* Add terminating zero */ data/dnsmasq-2.82/src/network.c:412:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lo->name, ifr.ifr_name); data/dnsmasq-2.82/src/network.c:474:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(iface->name, ifr.ifr_name); data/dnsmasq-2.82/src/network.c:1412:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(daemon->namebuff, srv->interface); data/dnsmasq-2.82/src/network.c:1513:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(domain_str, domain); data/dnsmasq-2.82/src/option.c:750:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buff+4, "--%s%s%s", opts[j].name, eq, desc); data/dnsmasq-2.82/src/option.c:755:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buff, usage[i].arg); data/dnsmasq-2.82/src/option.c:760:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(_(usage[i].desc), buff); data/dnsmasq-2.82/src/option.c:765:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #define ret_err(x) do { strcpy(errstr, (x)); return 0; } while (0) data/dnsmasq-2.82/src/option.c:766:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #define ret_err_free(x,m) do { strcpy(errstr, (x)); free((m)); return 0; } while (0) data/dnsmasq-2.82/src/option.c:767:26: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
#define goto_err(x) do { strcpy(errstr, (x)); goto on_error; } while (0) data/dnsmasq-2.82/src/option.c:1779:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, directory); data/dnsmasq-2.82/src/option.c:1781:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(path, ent->d_name); data/dnsmasq-2.82/src/option.c:2630:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(serv->next->interface, serv->interface); data/dnsmasq-2.82/src/option.c:2927:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new->iface, arg); data/dnsmasq-2.82/src/option.c:2941:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(b->iface, arg); data/dnsmasq-2.82/src/option.c:3389:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errstr, _("duplicate dhcp-host IP address %s"), inet_ntoa(in)); data/dnsmasq-2.82/src/option.c:4662:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(daemon->namebuff, errmess); data/dnsmasq-2.82/src/option.c:4666:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(daemon->namebuff + strlen(daemon->namebuff), _(" at line %d of %s"), lineno, file); data/dnsmasq-2.82/src/option.c:4838:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, ah->fname); data/dnsmasq-2.82/src/option.c:4840:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(path, ent->d_name); data/dnsmasq-2.82/src/option.c:5212:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buff, daemon->authserver); data/dnsmasq-2.82/src/option.c:5293:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buff, srv->name); data/dnsmasq-2.82/src/option.c:5295:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buff, daemon->domain_suffix); data/dnsmasq-2.82/src/radv.c:418:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(daemon->namebuff, "/proc/sys/net/ipv6/conf/%s/mtu", mtu_name ? mtu_name : iface_name); data/dnsmasq-2.82/src/rfc1035.c:1412:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(name, cname_target); data/dnsmasq-2.82/src/rfc2131.c:383:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(daemon->namebuff, inet_ntoa(context_tmp->start)); data/dnsmasq-2.82/src/rfc2131.c:1476:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. hostname += sprintf(hostname, "%.2x%s", emac[i], (i == emac_len - 1) ? "" : "-"); data/dnsmasq-2.82/src/rfc2131.c:2160:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf((char *)mess->file, sizeof(mess->file), data/dnsmasq-2.82/src/rfc3315.c:1955:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(daemon->namebuff, "%s PL=%u VL=%u", data/dnsmasq-2.82/src/tftp.c:560:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file->filename, namebuff); data/dnsmasq-2.82/src/tftp.c:626:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(daemon->namebuff, transfer->file->filename); data/dnsmasq-2.82/src/tftp.c:743:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
len = snprintf(mess->message, MAXMESSAGE, message, file, errstr); data/dnsmasq-2.82/src/tftp.c:754:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(daemon->namebuff, file); data/dnsmasq-2.82/src/util.c:240:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret, in); data/dnsmasq-2.82/src/util.c:499:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, name); data/dnsmasq-2.82/src/util.c:646:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. p += sprintf(p, "%.2x%s", mac[i], (i == len - 1) ? "" : ":"); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:402:15: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long(argc, argv, "a:s:c:n:i:hd", longopts, &option_index); data/dnsmasq-2.82/src/option.c:5042:16: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. option = getopt_long(argc, argv, OPTSTRING, opts, NULL); data/dnsmasq-2.82/src/option.c:5044:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
option = getopt(argc, argv, OPTSTRING); data/dnsmasq-2.82/contrib/lease-tools/dhcp_lease_time.c:54:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define option_len(opt) ((int)(((unsigned char *)(opt))[1])) data/dnsmasq-2.82/contrib/lease-tools/dhcp_lease_time.c:55:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define option_ptr(opt) ((void *)&(((unsigned char *)(opt))[2])) data/dnsmasq-2.82/contrib/lease-tools/dhcp_lease_time.c:69:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char options[308]; data/dnsmasq-2.82/contrib/lease-tools/dhcp_release.c:73:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char options[308]; data/dnsmasq-2.82/contrib/lease-tools/dhcp_release.c:93:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, iov->iov_base, iov->iov_len); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release.c:318:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(p, &server, sizeof(server)); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:119:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[1024]; data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:136:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[1024]; data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:142:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:204:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). result.iaid = htonl(atoi(iaid)); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:208:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result.options, &ia_addr, ntohs(ia_addr.len) + 2 * sizeof(uint16_t)); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:226:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(result.buf + offset, &client_option, ntohs(client_option.len) + 2*sizeof(uint16_t)); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:228:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result.buf + offset, &server_option, ntohs(server_option.len) + 2*sizeof(uint16_t) ); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:230:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result.buf + offset, &iana_option, ntohs(iana_option.len) + 2*sizeof(uint16_t) ); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:239:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option_value[1024]; data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:243:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&option_type,buf + current_pos, sizeof(uint16_t)); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:244:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&option_len,buf + current_pos + sizeof(uint16_t), sizeof(uint16_t)); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:251:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy(&status, buf + current_pos, sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:255:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(option_value, buf + current_pos + sizeof(uint16_t) , option_len - sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:277:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char option_value[1024];
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:281:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&option_type,buf + current_pos, sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:282:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&option_len,buf + current_pos + sizeof(uint16_t), sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:289:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&status, buf + current_pos, sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:293:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(option_value, buf + current_pos +sizeof(uint16_t) , option_len -sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:324:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char response[1400];
data/dnsmasq-2.82/src/arp.c:30:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hwaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/arp.c:69:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(arp->hwaddr, mac, maclen);
data/dnsmasq-2.82/src/arp.c:96:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(arp->hwaddr, mac, maclen);
data/dnsmasq-2.82/src/arp.c:100:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&arp->addr.addr6, addrp, IN6ADDRSZ);
data/dnsmasq-2.82/src/arp.c:138:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mac, arp->hwaddr, arp->hwlen);
data/dnsmasq-2.82/src/arp.c:196:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&arp->addr.addr6, &addr->in6.sin6_addr, IN6ADDRSZ);
data/dnsmasq-2.82/src/auth.c:587:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%u.", a & 0xff);
data/dnsmasq-2.82/src/auth.c:590:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%u.", a & 0xff);
data/dnsmasq-2.82/src/auth.c:592:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%u.in-addr.arpa", a & 0xff);
data/dnsmasq-2.82/src/auth.c:603:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
data/dnsmasq-2.82/src/auth.c:605:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "ip6.arpa");
data/dnsmasq-2.82/src/blockdata.c:91:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(block->key, data, blen);
data/dnsmasq-2.82/src/blockdata.c:154:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(d, b->key, blen);
data/dnsmasq-2.82/src/bpf.c:256:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->dhcp_buff, "/dev/bpf%d", i++);
data/dnsmasq-2.82/src/bpf.c:257:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((daemon->dhcp_raw_fd = open(daemon->dhcp_buff, O_RDWR, 0)) != -1)
data/dnsmasq-2.82/src/bpf.c:298:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ether.ether_shost, LLADDR((struct sockaddr_dl *)&ifr->ifr_addr), ETHER_ADDR_LEN);
data/dnsmasq-2.82/src/bpf.c:308:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ether.ether_dhost, mess->chaddr, ETHER_ADDR_LEN);
data/dnsmasq-2.82/src/bpf.c:333:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *)mess)[len] = 0; /* for checksum, in case length is odd. */
data/dnsmasq-2.82/src/cache.c:1005:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  j = (j*2 +((unsigned char *)addr)[i]) % hashsz;
data/dnsmasq-2.82/src/cache.c:1031:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cache->addr, addr, addrlen);
data/dnsmasq-2.82/src/cache.c:1085:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "r");
data/dnsmasq-2.82/src/cache.c:1577:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff+1, "%d", daemon->cachesize);
data/dnsmasq-2.82/src/cache.c:1581:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff+1, "%d", daemon->metrics[METRIC_DNS_CACHE_INSERTED]);
data/dnsmasq-2.82/src/cache.c:1585:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff+1, "%d", daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED]);
data/dnsmasq-2.82/src/cache.c:1589:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff+1, "%u", daemon->metrics[METRIC_DNS_QUERIES_FORWARDED]);
data/dnsmasq-2.82/src/cache.c:1593:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff+1, "%u", daemon->metrics[METRIC_DNS_LOCAL_ANSWERED]);
data/dnsmasq-2.82/src/cache.c:1598:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff+1, "%u", daemon->metrics[METRIC_DNS_AUTH_ANSWERED]);
data/dnsmasq-2.82/src/cache.c:1633:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new, buff, bufflen);
data/dnsmasq-2.82/src/cache.c:1724:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%-30.30s ", sanitise(n));
data/dnsmasq-2.82/src/cache.c:1730:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ssize_t len = sprintf(a, "%u %u %u ", cache->addr.srv.priority,
data/dnsmasq-2.82/src/cache.c:1742:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(a, "%5u %3u %3u", cache->addr.ds.keytag,
data/dnsmasq-2.82/src/cache.c:1746:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(a, "%5u %3u %3u", cache->addr.key.keytag,
data/dnsmasq-2.82/src/cache.c:1782:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now));
data/dnsmasq-2.82/src/cache.c:1863:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "type=%d", type);
data/dnsmasq-2.82/src/cache.c:1895:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->addrbuff, "%u", rcode);
data/dnsmasq-2.82/src/crypto.c:72:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new, null_hash_buff, ctx->len);
data/dnsmasq-2.82/src/crypto.c:80:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(null_hash_buff + ctx->len, src, length);
data/dnsmasq-2.82/src/dbus.c:172:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char p[sizeof(struct in6_addr)];
data/dnsmasq-2.82/src/dbus.c:190:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr.in6.sin6_addr, p, sizeof(struct in6_addr));
data/dnsmasq-2.82/src/dbus.c:280:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char interface[IF_NAMESIZE];
data/dnsmasq-2.82/src/dbus.c:461:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dhcp_chaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/dhcp-common.c:478:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&config->addr6->addr.addr6, &crec->addr.addr6, IN6ADDRSZ);
data/dnsmasq-2.82/src/dhcp-common.c:766:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr, &val[i], addr_len);
data/dnsmasq-2.82/src/dhcp-common.c:832:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%u", dec);
data/dnsmasq-2.82/src/dhcp-common.c:882:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(daemon->namebuff, _(", prefix deprecated"));
data/dnsmasq-2.82/src/dhcp-common.c:885:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, _(", lease time "));
data/dnsmasq-2.82/src/dhcp-common.c:893:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifrn_name[IFNAMSIZ];
data/dnsmasq-2.82/src/dhcp-common.c:896:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, ", ");
data/dnsmasq-2.82/src/dhcp-common.c:904:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, ", ");
data/dnsmasq-2.82/src/dhcp.c:161:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
data/dnsmasq-2.82/src/dhcp.c:163:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(unsigned int))];
data/dnsmasq-2.82/src/dhcp.c:165:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(struct sockaddr_dl))];
data/dnsmasq-2.82/src/dhcp.c:422:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&arp_req.arp_pa, &dest, sizeof(struct sockaddr_in));
data/dnsmasq-2.82/src/dhcp.c:424:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(arp_req.arp_ha.sa_data, mess->chaddr, mess->hlen);
data/dnsmasq-2.82/src/dhcp.c:451:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(req.arp_ha.sa_data, mess->chaddr, mess->hlen);
data/dnsmasq-2.82/src/dhcp.c:862:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(ETHERSFILE, "r");
data/dnsmasq-2.82/src/dhcp.c:867:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hwaddr[ETHER_ADDR_LEN];
data/dnsmasq-2.82/src/dhcp.c:1004:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(config->hwaddr->hwaddr, hwaddr, ETHER_ADDR_LEN);
data/dnsmasq-2.82/src/dhcp6.c:100:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
data/dnsmasq-2.82/src/dhcp6.c:576:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, daemon->duid_config, daemon->duid_config_len);
data/dnsmasq-2.82/src/dhcp6.c:627:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, mac, maclen);
data/dnsmasq-2.82/src/dhcp6.c:641:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifrn_name[IFNAMSIZ];
data/dnsmasq-2.82/src/dnsmasq.c:153:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open("/dev/null", O_RDWR);
data/dnsmasq-2.82/src/dnsmasq.c:619:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->namebuff, "%d\n", (int) getpid());
data/dnsmasq-2.82/src/dnsmasq.c:642:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
data/dnsmasq-2.82/src/dnsmasq.c:681:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int nullfd = open("/dev/null", O_RDWR);
data/dnsmasq-2.82/src/dnsmasq.c:1813:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char intr_name[IF_NAMESIZE];
data/dnsmasq-2.82/src/dnsmasq.h:435:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXDNAME];
data/dnsmasq-2.82/src/dnsmasq.h:441:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[KEYBLOCK_LEN];
data/dnsmasq-2.82/src/dnsmasq.h:452:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sname[SMALLDNAME];
data/dnsmasq-2.82/src/dnsmasq.h:536:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char interface[IF_NAMESIZE+1];
data/dnsmasq-2.82/src/dnsmasq.h:548:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char interface[IF_NAMESIZE+1];
data/dnsmasq-2.82/src/dnsmasq.h:674:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *hash[HASH_SIZE];
data/dnsmasq-2.82/src/dnsmasq.h:724:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hwaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/dnsmasq.h:769:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hwaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/dnsmasq.h:873:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hwaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/dnsmasq.h:879:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iface[IF_NAMESIZE];
data/dnsmasq-2.82/src/dnssec.c:170:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(daemon->timestamp_file, O_WRONLY | O_CREAT | O_NONBLOCK | O_EXCL, 0666);
data/dnsmasq-2.82/src/dnssec.c:240:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff, *p, bufflen);
data/dnsmasq-2.82/src/dnssec.c:261:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff, *p, d);
data/dnsmasq-2.82/src/dnssec.c:319:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff1 + left1, p1, len1);
data/dnsmasq-2.82/src/dnssec.c:330:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff2 + left2, p2, len2);
data/dnsmasq-2.82/src/domain.c:71:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned int index = atoi(tail);
data/dnsmasq-2.82/src/domain.c:119:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tail, "::ffff:", 7);
data/dnsmasq-2.82/src/dump.c:66:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((daemon->dumpfd = open(daemon->dump_file, O_APPEND | O_RDWR)) == -1 ||
data/dnsmasq-2.82/src/dump.c:124:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ip6.ip6_src, &src->in6.sin6_addr, IN6ADDRSZ);
data/dnsmasq-2.82/src/dump.c:130:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ip6.ip6_dst, &dst->in6.sin6_addr, IN6ADDRSZ);
data/dnsmasq-2.82/src/dump.c:181:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *)packet)[len] = 0; /* for checksum, in case length is odd. */
data/dnsmasq-2.82/src/edns0.c:178:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff, datap, rdlen);
data/dnsmasq-2.82/src/edns0.c:220:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, buff, rdlen);
data/dnsmasq-2.82/src/edns0.c:242:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, opt, optlen);
data/dnsmasq-2.82/src/edns0.c:270:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mac[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/edns0.c:271:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encode[18]; /* handle 6 byte MACs */
data/dnsmasq-2.82/src/edns0.c:294:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mac[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/edns0.c:358:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opt->addr, addrp, len);
data/dnsmasq-2.82/src/forward.c:37:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
data/dnsmasq-2.82/src/forward.c:39:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(struct in_addr))];
data/dnsmasq-2.82/src/forward.c:41:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
data/dnsmasq-2.82/src/forward.c:69:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(CMSG_DATA(cmptr), &p, sizeof(p));
data/dnsmasq-2.82/src/forward.c:75:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(CMSG_DATA(cmptr), &(source->addr4), sizeof(source->addr4));
data/dnsmasq-2.82/src/forward.c:87:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(CMSG_DATA(cmptr), &p, sizeof(p));
data/dnsmasq-2.82/src/forward.c:362:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(forward->hash, hash, HASH_SIZE);
data/dnsmasq-2.82/src/forward.c:531:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(daemon->namebuff, "query");
data/dnsmasq-2.82/src/forward.c:1119:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new->hash, hash, HASH_SIZE);
data/dnsmasq-2.82/src/forward.c:1276:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
data/dnsmasq-2.82/src/forward.c:1278:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
data/dnsmasq-2.82/src/forward.c:1280:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(struct in_addr)) +
data/dnsmasq-2.82/src/forward.c:1283:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(struct in_addr)) +
data/dnsmasq-2.82/src/forward.c:1974:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *newhash, hash[HASH_SIZE];
data/dnsmasq-2.82/src/forward.c:1976:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hash, newhash, HASH_SIZE);
data/dnsmasq-2.82/src/forward.c:2047:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(daemon->namebuff, "query");
data/dnsmasq-2.82/src/helper.c:72:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hwaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/helper.c:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char interface[IF_NAMESIZE];
data/dnsmasq-2.82/src/helper.c:243:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%.2x-", data.hwaddr_type);
data/dnsmasq-2.82/src/helper.c:246:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%.2x", data.hwaddr[i]);
data/dnsmasq-2.82/src/helper.c:263:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%.2x", buf[i]);
data/dnsmasq-2.82/src/helper.c:275:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%.2x", daemon->duid[i]);
data/dnsmasq-2.82/src/helper.c:312:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(is6 ? daemon->packet : daemon->dhcp_buff, "%lu", (unsigned long)data.file_len);
data/dnsmasq-2.82/src/helper.c:408:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->dhcp_buff2, "vendor_class_id");
data/dnsmasq-2.82/src/helper.c:412:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->dhcp_buff2, "vendor_class%i", i);
data/dnsmasq-2.82/src/helper.c:442:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->dhcp_buff2, "user_class%i", i);
data/dnsmasq-2.82/src/helper.c:568:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->dhcp_buff2, "%u", data.length);
data/dnsmasq-2.82/src/helper.c:571:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->dhcp_buff2, "%lu", (unsigned long)data.expires);
data/dnsmasq-2.82/src/helper.c:590:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->dhcp_buff2, "DNSMASQ_VENDOR_CLASS%i", i);
data/dnsmasq-2.82/src/helper.c:619:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->dhcp_buff2, "DNSMASQ_USER_CLASS%i", i);
data/dnsmasq-2.82/src/helper.c:623:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->dhcp_buff2, "%u", data.remaining_time);
data/dnsmasq-2.82/src/helper.c:774:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf->hwaddr, lease->hwaddr, DHCP_CHADDR_MAX);
data/dnsmasq-2.82/src/helper.c:792:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, lease->clid, clid_len);
data/dnsmasq-2.82/src/helper.c:797:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, hostname, hostname_len);
data/dnsmasq-2.82/src/helper.c:802:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, lease->extradata, ed_len);
data/dnsmasq-2.82/src/helper.c:831:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((unsigned char *)(buf+1), filename, filename_len);
data/dnsmasq-2.82/src/helper.c:854:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf->hwaddr, mac, maclen);
data/dnsmasq-2.82/src/ipset.c:82:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)attr + NL_ALIGN(sizeof(struct my_nlattr)), data, len);
data/dnsmasq-2.82/src/ipset.c:158:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[IPSET_MAXNAMELEN];
data/dnsmasq-2.82/src/ipset.c:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char typename[IPSET_MAXNAMELEN];
data/dnsmasq-2.82/src/lease.c:56:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(daemon->duid, daemon->dhcp_buff2, daemon->duid_len);
data/dnsmasq-2.82/src/lease.c:119:7: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ei = atol(daemon->dhcp_buff3);
data/dnsmasq-2.82/src/lease.c:159:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(daemon->dhcp_buff, " init");
data/dnsmasq-2.82/src/lease.c:173:44: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  leasestream = daemon->lease_stream = fopen(daemon->lease_file, "a+");
data/dnsmasq-2.82/src/lease.c:209:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->dhcp_buff, "%d", WEXITSTATUS(rc));
data/dnsmasq-2.82/src/lease.c:882:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lease->hwaddr, hwaddr, hw_len);
data/dnsmasq-2.82/src/lease.c:918:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lease->clid, clid, clid_len);
data/dnsmasq-2.82/src/lease.c:1189:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new, lease->extradata, lease->extradata_len);
data/dnsmasq-2.82/src/lease.c:1198:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lease->extradata + lease->extradata_len, data, len);
data/dnsmasq-2.82/src/log.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char payload[MAX_MESSAGE];
data/dnsmasq-2.82/src/log.c:121:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
data/dnsmasq-2.82/src/log.c:370:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "<%d>", priority | log_fac);
data/dnsmasq-2.82/src/log.c:374:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%.15s ", ctime(&time_now) + 4);
data/dnsmasq-2.82/src/loop.c:71:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *)p, "%.8x", uid);
data/dnsmasq-2.82/src/network.c:766:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(daemon->addrbuff, "port %d", port);
data/dnsmasq-2.82/src/network.c:1699:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f = fopen(fname, "r")))
data/dnsmasq-2.82/src/option.c:591:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret, cp, len+1);
data/dnsmasq-2.82/src/option.c:660:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *res = atoi(a);
data/dnsmasq-2.82/src/option.c:697:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((r->txt)+1, txt, len);
data/dnsmasq-2.82/src/option.c:710:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/dnsmasq-2.82/src/option.c:746:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "-%c, ", usage[i].opt);
data/dnsmasq-2.82/src/option.c:748:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, " ");
data/dnsmasq-2.82/src/option.c:758:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", tab[j].val);
data/dnsmasq-2.82/src/option.c:901:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%u.", a & 0xff);
data/dnsmasq-2.82/src/option.c:904:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%d.", (a >> 8) & 0xff);
data/dnsmasq-2.82/src/option.c:907:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%d.", (a >> 16) & 0xff);
data/dnsmasq-2.82/src/option.c:910:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%d.", (a >> 24) & 0xff);
data/dnsmasq-2.82/src/option.c:918:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "in-addr.arpa");
data/dnsmasq-2.82/src/option.c:939:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int dig = ((unsigned char *)addr)[i>>3];
data/dnsmasq-2.82/src/option.c:940:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
data/dnsmasq-2.82/src/option.c:942:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "ip6.arpa");
data/dnsmasq-2.82/src/option.c:1106:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new->opt = atoi(arg);
data/dnsmasq-2.82/src/option.c:1132:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new->opt = atoi(arg+8);
data/dnsmasq-2.82/src/option.c:1157:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new->u.encap = atoi(arg+6);
data/dnsmasq-2.82/src/option.c:1162:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new->u.encap = atoi(arg+9);
data/dnsmasq-2.82/src/option.c:1314:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  val = atoi(comma);
data/dnsmasq-2.82/src/option.c:1326:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i, val = atoi(comma);
data/dnsmasq-2.82/src/option.c:1375:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, &in, INADDRSZ);
data/dnsmasq-2.82/src/option.c:1381:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int netsize = atoi(slash);
data/dnsmasq-2.82/src/option.c:1453:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newp, m, header_size + len);
data/dnsmasq-2.82/src/option.c:1518:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, arg, len);
data/dnsmasq-2.82/src/option.c:1546:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newp, p, len);
data/dnsmasq-2.82/src/option.c:1903:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (hostname_isequal((char *)facilitynames[i].c_name, arg))
data/dnsmasq-2.82/src/option.c:2196:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  daemon->soa_sn = (u32)atoi(arg);
data/dnsmasq-2.82/src/option.c:2211:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  daemon->soa_refresh = (u32)atoi(arg);
data/dnsmasq-2.82/src/option.c:2216:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  daemon->soa_retry = (u32)atoi(arg);
data/dnsmasq-2.82/src/option.c:2218:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  daemon->soa_expiry = (u32)atoi(comma);
data/dnsmasq-2.82/src/option.c:2354:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&new->end6, &new->start6, IN6ADDRSZ);
data/dnsmasq-2.82/src/option.c:2990:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cp, *a[8] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL };
data/dnsmasq-2.82/src/option.c:3127:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!*cp && (pref = atoi(a[leasepos])) <= 128)
data/dnsmasq-2.82/src/option.c:3232:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new->lease_time = atoi(a[leasepos]) * fac;
data/dnsmasq-2.82/src/option.c:3295:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new->clid, arg, len);
data/dnsmasq-2.82/src/option.c:3458:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new->lease_time = atoi(arg) * fac;
data/dnsmasq-2.82/src/option.c:3673:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new->val + 1, arg, new->len - 1);
data/dnsmasq-2.82/src/option.c:3819:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new->enterprise = atoi(arg+11);
data/dnsmasq-2.82/src/option.c:3834:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new->data, comma, new->len);
data/dnsmasq-2.82/src/option.c:3840:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new->data, comma, new->len);
data/dnsmasq-2.82/src/option.c:4021:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(daemon->duid_config, comma, daemon->duid_config_len);
data/dnsmasq-2.82/src/option.c:4028:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *dash, *a[3] = { NULL, NULL, NULL };
data/dnsmasq-2.82/src/option.c:4174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *a[7] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL };
data/dnsmasq-2.82/src/option.c:4242:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new->txt, data, len);
data/dnsmasq-2.82/src/option.c:4272:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&new->txt[2], tag, strlen(tag));
data/dnsmasq-2.82/src/option.c:4273:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&new->txt[2 + strlen(tag)], value, strlen(value));
data/dnsmasq-2.82/src/option.c:4405:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new->ttl = atoi(arg);
data/dnsmasq-2.82/src/option.c:4738:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f = fopen(file, "r")))
data/dnsmasq-2.82/src/option.c:4865:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f = fopen(daemon->servers_file, "r")))
data/dnsmasq-2.82/src/option.c:5051:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *c = (unsigned char *)argv[optind];
data/dnsmasq-2.82/src/option.c:5211:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buff, "hostmaster.");
data/dnsmasq-2.82/src/option.c:5262:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f = fopen((daemon->resolv_files)->name, "r")))
data/dnsmasq-2.82/src/outpacket.c:84:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, data, len);
data/dnsmasq-2.82/src/poll.c:113:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new, pollfds, i * sizeof(struct pollfd));
data/dnsmasq-2.82/src/poll.c:114:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&new[i+1], &pollfds[i], (nfds - i) * sizeof(struct pollfd));
data/dnsmasq-2.82/src/radv.c:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[IF_NAMESIZE+1];
data/dnsmasq-2.82/src/radv.c:139:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char interface[IF_NAMESIZE+1];
data/dnsmasq-2.82/src/radv.c:146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
data/dnsmasq-2.82/src/radv.c:419:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(daemon->namebuff, "r")))
data/dnsmasq-2.82/src/radv.c:422:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mtu = atoi(daemon->namebuff);
data/dnsmasq-2.82/src/radv.c:752:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, mac, maclen);
data/dnsmasq-2.82/src/radv.c:872:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifrn_name[IFNAMSIZ];
data/dnsmasq-2.82/src/rfc1035.c:149:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXARPANAME+1], *cp1;
data/dnsmasq-2.82/src/rfc1035.c:196:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  addr[0] = atoi(cp1);
data/dnsmasq-2.82/src/rfc1035.c:218:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xdig[2];
data/dnsmasq-2.82/src/rfc1035.c:433:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *)a)[0] == 0xfd || /* RFC 6303 4.4 */
data/dnsmasq-2.82/src/rfc1035.c:465:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr, p, INADDRSZ);
data/dnsmasq-2.82/src/rfc1035.c:483:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, &addr, INADDRSZ);
data/dnsmasq-2.82/src/rfc1035.c:838:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr, p1, addrlen);
data/dnsmasq-2.82/src/rfc1035.c:1214:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, sval, IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc1035.c:1221:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, sval, INADDRSZ);
data/dnsmasq-2.82/src/rfc1035.c:1258:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(p, sval, usval); data/dnsmasq-2.82/src/rfc1035.c:1269:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, sval, usval); data/dnsmasq-2.82/src/rfc2131.c:21:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define option_len(opt) ((int)(((unsigned char *)(opt))[1])) data/dnsmasq-2.82/src/rfc2131.c:22:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define option_ptr(opt, i) ((void *)&(((unsigned char *)(opt))[2u+(unsigned int)(i)])) data/dnsmasq-2.82/src/rfc2131.c:98:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pxe_uuid[17]; data/dnsmasq-2.82/src/rfc2131.c:197:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(agent_id, opt, total); data/dnsmasq-2.82/src/rfc2131.c:491:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(daemon->dhcp_buff3, option_ptr(opt, 0), option_len(opt)); data/dnsmasq-2.82/src/rfc2131.c:559:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(daemon->dhcp_buff2, mess->file, sizeof(mess->file)); data/dnsmasq-2.82/src/rfc2131.c:692:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pq, op+1, *op); data/dnsmasq-2.82/src/rfc2131.c:699:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pq, op, len); data/dnsmasq-2.82/src/rfc2131.c:716:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(daemon->dhcp_buff, option_ptr(opt, 0), len); data/dnsmasq-2.82/src/rfc2131.c:844:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pxe_uuid, option_ptr(opt, 0), 17); data/dnsmasq-2.82/src/rfc2131.c:856:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char save71[4]; data/dnsmasq-2.82/src/rfc2131.c:868:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save71, option_ptr(opt, 0), 4); data/dnsmasq-2.82/src/rfc2131.c:1005:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req_options, option_ptr(opt, 0), option_len(opt)); data/dnsmasq-2.82/src/rfc2131.c:1782:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&ret, option_ptr(opt, 0), INADDRSZ); data/dnsmasq-2.82/src/rfc2131.c:1960:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, string, len); data/dnsmasq-2.82/src/rfc2131.c:1981:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &context->local, INADDRSZ); data/dnsmasq-2.82/src/rfc2131.c:1983:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, a, INADDRSZ); data/dnsmasq-2.82/src/rfc2131.c:1989:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, opt->val ? opt->val : (unsigned char *)"", len); data/dnsmasq-2.82/src/rfc2131.c:2096:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, uuid, 17); data/dnsmasq-2.82/src/rfc2131.c:2212:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, service->menu, len); data/dnsmasq-2.82/src/rfc2131.c:2236:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, &boot_server.s_addr, INADDRSZ); data/dnsmasq-2.82/src/rfc2131.c:2552:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, hostname, strlen(hostname)); data/dnsmasq-2.82/src/rfc2131.c:2557:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(p, domain, strlen(domain)); data/dnsmasq-2.82/src/rfc2131.c:2679:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &swap_ent, 4); data/dnsmasq-2.82/src/rfc2131.c:2710:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, daemon->dhcp_buff3, vendor_class_len); data/dnsmasq-2.82/src/rfc3315.c:32:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mac[DHCP_CHADDR_MAX]; data/dnsmasq-2.82/src/rfc3315.c:64:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define opt6_ptr(opt, i) ((void *)&(((unsigned char *)(opt))[4+(i)])) data/dnsmasq-2.82/src/rfc3315.c:66:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define opt6_user_vendor_ptr(opt, i) ((void *)&(((unsigned char *)(opt))[2+(i)])) data/dnsmasq-2.82/src/rfc3315.c:230:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&state->mac[0], opt6_ptr(opt, 2), state->mac_len); data/dnsmasq-2.82/src/rfc3315.c:246:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&align, inbuff + 2, IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:481:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pq, op+1, *op); data/dnsmasq-2.82/src/rfc3315.c:674:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:847:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:949:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:1051:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:1126:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr, opt6_ptr(ia_option, 0), IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:1192:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&addr, opt6_ptr(ia_option, 0), IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:1864:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(daemon->dhcp_buff2, "%u", opt6_uint(class_opt, 0, 4)); data/dnsmasq-2.82/src/rfc3315.c:1937:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(daemon->namebuff, "IAID=%u T1=%u T2=%u", data/dnsmasq-2.82/src/rfc3315.c:1944:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(daemon->namebuff, "IAID=%u", opt6_uint(opt, 0, 4)); data/dnsmasq-2.82/src/rfc3315.c:1953:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr, opt6_ptr(opt, 0), IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:1962:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. int len = sprintf(daemon->namebuff, "%u ", opt6_uint(opt, 0, 2)); data/dnsmasq-2.82/src/rfc3315.c:1963:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(daemon->namebuff + len, opt6_ptr(opt, 2), opt6_len(opt)-2); data/dnsmasq-2.82/src/rfc3315.c:2091:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char mac[DHCP_CHADDR_MAX]; data/dnsmasq-2.82/src/rfc3315.c:2117:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&header[2], &relay->local.addr6, IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:2118:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&header[18], peer_address, IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:2179:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&link, &inbuff[2], IN6ADDRSZ); data/dnsmasq-2.82/src/rfc3315.c:2197:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&peer->sin6_addr, &inbuff[18], IN6ADDRSZ); data/dnsmasq-2.82/src/rrfilter.c:331:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, *wkspc, old * sizeof(unsigned char *)); data/dnsmasq-2.82/src/slaac.c:50:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr.s6_addr[8], lease->hwaddr, 3); data/dnsmasq-2.82/src/slaac.c:51:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr.s6_addr[13], &lease->hwaddr[3], 3); data/dnsmasq-2.82/src/slaac.c:58:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&addr.s6_addr[8], lease->hwaddr, 8); data/dnsmasq-2.82/src/slaac.c:65:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr.s6_addr[8], &lease->clid[1], 8); data/dnsmasq-2.82/src/tables.c:57:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dev = open( pf_device, O_RDWR); data/dnsmasq-2.82/src/tables.c:116:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(addr.pfra_ip6addr), ipaddr, sizeof(struct in6_addr)); data/dnsmasq-2.82/src/tftp.c:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuff[IF_NAMESIZE]; data/dnsmasq-2.82/src/tftp.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))]; data/dnsmasq-2.82/src/tftp.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char control[CMSG_SPACE(sizeof(struct in_pktinfo))]; data/dnsmasq-2.82/src/tftp.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[CMSG_SPACE(sizeof(struct in_addr)) + data/dnsmasq-2.82/src/tftp.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[CMSG_SPACE(sizeof(struct in_addr)) + data/dnsmasq-2.82/src/tftp.c:380:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). transfer->blocksize = atoi(opt); data/dnsmasq-2.82/src/tftp.c:430:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char macbuf[DHCP_CHADDR_MAX]; data/dnsmasq-2.82/src/tftp.c:507:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(namebuff, O_RDONLY)) == -1) data/dnsmasq-2.82/src/tftp.c:776:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. p += (sprintf(p, "blksize") + 1); data/dnsmasq-2.82/src/tftp.c:777:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += (sprintf(p, "%u", transfer->blocksize) + 1); data/dnsmasq-2.82/src/tftp.c:781:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += (sprintf(p,"tsize") + 1); data/dnsmasq-2.82/src/tftp.c:782:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += (sprintf(p, "%u", (unsigned int)transfer->file->size) + 1); data/dnsmasq-2.82/src/util.c:46:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(RANDFILE, O_RDONLY); data/dnsmasq-2.82/src/util.c:492:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[IF_NAMESIZE]; data/dnsmasq-2.82/src/util.c:510:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, _("infinite")); data/dnsmasq-2.82/src/util.c:515:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
p += sprintf(&buf[p], "%ud", x); data/dnsmasq-2.82/src/util.c:517:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(&buf[p], "%uh", x); data/dnsmasq-2.82/src/util.c:519:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(&buf[p], "%um", x); data/dnsmasq-2.82/src/util.c:521:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(&buf[p], "%us", x); data/dnsmasq-2.82/src/util.c:627:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, iov->iov_base, iov->iov_len); data/dnsmasq-2.82/src/util.c:643:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, "<null>"); data/dnsmasq-2.82/src/util.c:801:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). version = (split ? atoi(split) : 0); data/dnsmasq-2.82/src/util.c:803:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). version = version * 256 + (split ? 
atoi(split) : 0); data/dnsmasq-2.82/src/util.c:805:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return version * 256 + (split ? atoi(split) : 0); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release.c:283:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, argv[1], sizeof(ifr.ifr_name)-1); data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:333:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (setsockopt(sock, SOL_SOCKET, 25, iface, strlen(iface)) == -1) data/dnsmasq-2.82/src/auth.c:74:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen(name); data/dnsmasq-2.82/src/auth.c:75:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t domainlen = strlen(zone->domain); data/dnsmasq-2.82/src/auth.c:232:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(name, "."); data/dnsmasq-2.82/src/auth.c:524:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(test) > wclen && !cname_wildcard) data/dnsmasq-2.82/src/auth.c:526:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wclen = strlen(test); data/dnsmasq-2.82/src/auth.c:535:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (hostname_isequal(a->alias, name) && strlen(a->alias) > wclen) data/dnsmasq-2.82/src/auth.c:538:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wclen = strlen(a->alias); data/dnsmasq-2.82/src/auth.c:548:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(name, "."); data/dnsmasq-2.82/src/auth.c:766:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(name, "."); data/dnsmasq-2.82/src/cache.c:595:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name && (strlen(name) > SMALLDNAME-1)) data/dnsmasq-2.82/src/cache.c:674:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ssize_t m = strlen(name); data/dnsmasq-2.82/src/cache.c:1042:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = getc(f)) == '#') data/dnsmasq-2.82/src/cache.c:1044:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(f); data/dnsmasq-2.82/src/cache.c:1066:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = getc(f)) == EOF) data/dnsmasq-2.82/src/cache.c:1147:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (cache = whine_malloc(SIZEOF_BARE_CREC + strlen(canon) + 2 + strlen(domain_suffix)))) data/dnsmasq-2.82/src/cache.c:1147:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (cache = whine_malloc(SIZEOF_BARE_CREC + strlen(canon) + 2 + strlen(domain_suffix)))) data/dnsmasq-2.82/src/cache.c:1150:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cache->name.sname, "."); data/dnsmasq-2.82/src/cache.c:1157:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((cache = whine_malloc(SIZEOF_BARE_CREC + strlen(canon) + 1))) data/dnsmasq-2.82/src/cache.c:1650:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(buff+1); data/dnsmasq-2.82/src/cache.c:1722:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(n) == 0 && !(cache->flags & F_REVERSE)) data/dnsmasq-2.82/src/cache.c:1827:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(types); data/dnsmasq-2.82/src/cache.c:1834:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(desc); data/dnsmasq-2.82/src/cache.c:1969:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) == 0) data/dnsmasq-2.82/src/dbus.c:286:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!str || !strlen (str)) data/dnsmasq-2.82/src/dbus.c:296:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(dup = str_domain = whine_malloc(strlen(str)+1))) data/dnsmasq-2.82/src/dbus.c:348:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!str || !strlen (str)) data/dnsmasq-2.82/src/dbus.c:358:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!(dup = str_addr = whine_malloc(strlen(str)+1))) data/dnsmasq-2.82/src/dbus.c:651:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (introspection_xml = whine_malloc(strlen(introspection_xml_template) + strlen(daemon->dbus_name)))) data/dnsmasq-2.82/src/dbus.c:651:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (introspection_xml = whine_malloc(strlen(introspection_xml_template) + strlen(daemon->dbus_name)))) data/dnsmasq-2.82/src/dhcp-common.c:204:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dot+1) != 0) data/dnsmasq-2.82/src/dhcp-common.c:226:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat (s, netid->net, (MAXDNAME-1) - strlen(s)); data/dnsmasq-2.82/src/dhcp-common.c:226:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat (s, netid->net, (MAXDNAME-1) - strlen(s)); data/dnsmasq-2.82/src/dhcp-common.c:228:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
strncat (s, ", ", (MAXDNAME-1) - strlen(s)); data/dnsmasq-2.82/src/dhcp-common.c:228:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat (s, ", ", (MAXDNAME-1) - strlen(s)); data/dnsmasq-2.82/src/dhcp-common.c:545:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(device)+1; data/dnsmasq-2.82/src/dhcp-common.c:764:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(buf, ", ", buf_len - strlen(buf)); data/dnsmasq-2.82/src/dhcp-common.c:764:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, ", ", buf_len - strlen(buf)); data/dnsmasq-2.82/src/dhcp-common.c:768:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buf, daemon->addrbuff, buf_len - strlen(buf)); data/dnsmasq-2.82/src/dhcp-common.c:768:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, daemon->addrbuff, buf_len - strlen(buf)); data/dnsmasq-2.82/src/dhcp-common.c:850:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
strncat(buf, "...", buf_len - strlen(buf)); data/dnsmasq-2.82/src/dhcp-common.c:850:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, "...", buf_len - strlen(buf)); data/dnsmasq-2.82/src/dhcp-common.c:887:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/dnsmasq-2.82/src/dhcp-common.c:917:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(daemon->dhcp_buff, context->template_interface, DHCP_BUFF_SZ); data/dnsmasq-2.82/src/dhcp.c:903:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(buff) > 0 && isspace((int)buff[strlen(buff)-1])) data/dnsmasq-2.82/src/dhcp.c:903:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(buff) > 0 && isspace((int)buff[strlen(buff)-1])) data/dnsmasq-2.82/src/dhcp.c:904:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buff[strlen(buff)-1] = 0; data/dnsmasq-2.82/src/dhcp.c:1041:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (dot && strlen(dot+1) != 0) data/dnsmasq-2.82/src/dnsmasq.c:92:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). 
umask(022); /* known umask, create leases and pid files as 0644 */ data/dnsmasq-2.82/src/dnsmasq.c:659:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0)) data/dnsmasq-2.82/src/dnsmasq.c:1305:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ev.msg_sz = msg ? strlen(msg) : 0; data/dnsmasq-2.82/src/dnssec.c:1019:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sa = ea = (char *)a + strlen(a); data/dnsmasq-2.82/src/dnssec.c:1020:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sb = eb = (char *)b + strlen(b); data/dnsmasq-2.82/src/dnssec.c:1654:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int name_start = strlen(name); /* for when TA is root */ data/dnsmasq-2.82/src/domain.c:193:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN); data/dnsmasq-2.82/src/domain.c:195:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inet_ntop(AF_INET, &addr->addr4, name + strlen(name), ADDRSTRLEN); data/dnsmasq-2.82/src/domain.c:220:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN); data/dnsmasq-2.82/src/domain.c:222:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inet_ntop(AF_INET6, &addr->addr6, name + strlen(name), ADDRSTRLEN); data/dnsmasq-2.82/src/edns0.c:287:109: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_NOMDEVICEID, (unsigned char *)encode, strlen(encode), 0, replace); data/dnsmasq-2.82/src/edns0.c:428:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned char *)daemon->dns_client_id, strlen(daemon->dns_client_id), 0, 1); data/dnsmasq-2.82/src/forward.c:117:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int namelen = strlen(qdomain); data/dnsmasq-2.82/src/forward.c:158:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int domainlen = strlen(serv->domain); data/dnsmasq-2.82/src/forward.c:593:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int namelen = strlen(daemon->namebuff); data/dnsmasq-2.82/src/forward.c:597:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
unsigned int domainlen = strlen(ipset_pos->domain); data/dnsmasq-2.82/src/helper.c:248:11: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. p += sprintf(p, ":"); data/dnsmasq-2.82/src/helper.c:265:13: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. p += sprintf(p, ":"); data/dnsmasq-2.82/src/helper.c:277:8: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. p += sprintf(p, ":"); data/dnsmasq-2.82/src/helper.c:374:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(data.interface) != 0) data/dnsmasq-2.82/src/helper.c:511:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(daemon->packet); data/dnsmasq-2.82/src/helper.c:565:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). my_setenv("DNSMASQ_INTERFACE", strlen(data.interface) != 0 ? data.interface : NULL, &err); data/dnsmasq-2.82/src/helper.c:756:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hostname_len = strlen(hostname) + 1; data/dnsmasq-2.82/src/helper.c:818:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
filename_len = strlen(filename) + 1; data/dnsmasq-2.82/src/inotify.c:72:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *new_buf = safe_malloc((d - path) + strlen(buf) + 2); data/dnsmasq-2.82/src/inotify.c:102:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *d, *new_path, *path = safe_malloc(strlen(res->name) + 1); data/dnsmasq-2.82/src/inotify.c:175:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lendir = strlen(ah->fname); data/dnsmasq-2.82/src/inotify.c:176:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lenfile = strlen(ent->d_name); data/dnsmasq-2.82/src/inotify.c:189:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path, "/"); data/dnsmasq-2.82/src/inotify.c:223:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((rc = read(daemon->inotifyfd, inotify_buffer, INOTIFY_SZ)) == -1 && errno == EINTR); data/dnsmasq-2.82/src/inotify.c:235:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (in->len == 0 || (namelen = strlen(in->name)) == 0 || data/dnsmasq-2.82/src/inotify.c:248:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lendir = strlen(ah->fname); data/dnsmasq-2.82/src/inotify.c:254:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path, "/"); data/dnsmasq-2.82/src/ipset.c:110:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(setname) >= IPSET_MAXNAMELEN) data/dnsmasq-2.82/src/ipset.c:131:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_attr(nlh, IPSET_ATTR_SETNAME, strlen(setname) + 1, setname); data/dnsmasq-2.82/src/ipset.c:169:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(setname) >= sizeof(req_adt_get.set.name)) data/dnsmasq-2.82/src/lease.c:44:19: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. while ((items=fscanf(leasestream, "%255s %255s", daemon->dhcp_buff3, daemon->dhcp_buff2)) == 2) data/dnsmasq-2.82/src/lease.c:61:6: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
if (fscanf(leasestream, " %64s %255s %764s", data/dnsmasq-2.82/src/lease.c:977:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((new_name = whine_malloc(strlen(name) + 1))) data/dnsmasq-2.82/src/lease.c:980:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (domain && (new_fqdn = whine_malloc(strlen(new_name) + strlen(domain) + 2))) data/dnsmasq-2.82/src/lease.c:980:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (domain && (new_fqdn = whine_malloc(strlen(new_name) + strlen(domain) + 2))) data/dnsmasq-2.82/src/lease.c:983:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(new_fqdn, "."); data/dnsmasq-2.82/src/log.c:232:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). logaddr.sun_len = sizeof(logaddr) - sizeof(logaddr.sun_path) + strlen(_PATH_LOG) + 1; data/dnsmasq-2.82/src/loop.c:73:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *p++ = strlen(LOOP_TEST_DOMAIN); data/dnsmasq-2.82/src/loop.c:75:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p += strlen(LOOP_TEST_DOMAIN) + 1; data/dnsmasq-2.82/src/loop.c:94:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(LOOP_TEST_DOMAIN) + 9 != strlen(query) || data/dnsmasq-2.82/src/loop.c:94:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(LOOP_TEST_DOMAIN) + 9 != strlen(query) || data/dnsmasq-2.82/src/network.c:410:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((lo->name = whine_malloc(strlen(ifr.ifr_name)+1))) data/dnsmasq-2.82/src/network.c:472:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1))) data/dnsmasq-2.82/src/network.c:1330:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (intname && strlen(intname) != 0) data/dnsmasq-2.82/src/network.c:1411:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(daemon->namebuff, " "); data/dnsmasq-2.82/src/network.c:1496:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (domain && !(domain_str = whine_malloc(strlen(domain)+1))) data/dnsmasq-2.82/src/network.c:1641:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(serv->domain) == 0) data/dnsmasq-2.82/src/option.c:588:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cp && (len = strlen(cp)) != 0) data/dnsmasq-2.82/src/option.c:693:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(txt); data/dnsmasq-2.82/src/option.c:789:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!arg || strlen(arg) == 0) data/dnsmasq-2.82/src/option.c:1285:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (found_dig && (opt_len & OT_TIME) && strlen(comma) > 0) data/dnsmasq-2.82/src/option.c:1289:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). switch (comma[strlen(comma) - 1]) data/dnsmasq-2.82/src/option.c:1309:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). comma[strlen(comma) - 1] = 0; data/dnsmasq-2.82/src/option.c:1409:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(cp) > 1 && cp[strlen(cp)-1] == ']') data/dnsmasq-2.82/src/option.c:1409:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cp) > 1 && cp[strlen(cp)-1] == ']') data/dnsmasq-2.82/src/option.c:1410:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp[strlen(cp)-1] = 0; data/dnsmasq-2.82/src/option.c:1447:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). domlen = strlen(dom) + 2; data/dnsmasq-2.82/src/option.c:1508:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newp = opt_malloc(strlen(comma)+(2*commas)); data/dnsmasq-2.82/src/option.c:1515:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u16 len = strlen(arg); data/dnsmasq-2.82/src/option.c:1542:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newp = opt_malloc(len + header_size + strlen(dom) + 2); data/dnsmasq-2.82/src/option.c:1572:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->len = strlen(comma); data/dnsmasq-2.82/src/option.c:1712:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(arg) != 0) data/dnsmasq-2.82/src/option.c:1743:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(ent->d_name); data/dnsmasq-2.82/src/option.c:1758:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t ls = strlen(li->name); data/dnsmasq-2.82/src/option.c:1770:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t ls = strlen(li->name); data/dnsmasq-2.82/src/option.c:1778:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = opt_malloc(strlen(directory) + len + 2); data/dnsmasq-2.82/src/option.c:1780:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path, "/"); data/dnsmasq-2.82/src/option.c:2264:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(new->prefix) > MAXLABEL - INET_ADDRSTRLEN) data/dnsmasq-2.82/src/option.c:2311:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(new->prefix) > MAXLABEL - INET6_ADDRSTRLEN) data/dnsmasq-2.82/src/option.c:2364:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(new->prefix) > MAXLABEL - INET_ADDRSTRLEN) data/dnsmasq-2.82/src/option.c:2567:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen (arg) != 0 && !(domain = canonicalise_opt(arg))) data/dnsmasq-2.82/src/option.c:2702:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(arg) != 0 && !(domain = canonicalise_opt(arg))) data/dnsmasq-2.82/src/option.c:2917:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(comma = split(arg)) || strlen(arg) > IF_NAMESIZE - 1 ) data/dnsmasq-2.82/src/option.c:2936:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(arg) != 0 && strlen(arg) <= IF_NAMESIZE - 1) data/dnsmasq-2.82/src/option.c:2936:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(arg) != 0 && strlen(arg) <= IF_NAMESIZE - 1) data/dnsmasq-2.82/src/option.c:3200:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(a[leasepos]) > 0) data/dnsmasq-2.82/src/option.c:3202:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). switch (a[leasepos][strlen(a[leasepos]) - 1]) data/dnsmasq-2.82/src/option.c:3222:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a[leasepos][strlen(a[leasepos]) - 1] = 0; data/dnsmasq-2.82/src/option.c:3283:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(arg); data/dnsmasq-2.82/src/option.c:3311:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (arg[0] == '[' && arg[strlen(arg)-1] == ']') data/dnsmasq-2.82/src/option.c:3317:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arg[strlen(arg)-1] = 0; data/dnsmasq-2.82/src/option.c:3398:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(arg) > 1) data/dnsmasq-2.82/src/option.c:3400:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lastp = arg + strlen(arg) - 1; data/dnsmasq-2.82/src/option.c:3497:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(arg); data/dnsmasq-2.82/src/option.c:3557:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(comma = split(arg)) || (len = strlen(comma)) == 0) data/dnsmasq-2.82/src/option.c:3671:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->len = strlen(arg) + 1; data/dnsmasq-2.82/src/option.c:3832:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->len = strlen(comma); data/dnsmasq-2.82/src/option.c:3838:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->len = parse_hex(comma, (unsigned char *)comma, strlen(comma), NULL, NULL); data/dnsmasq-2.82/src/option.c:4019:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). daemon->duid_config_len = parse_hex(comma,(unsigned char *)comma, strlen(comma), NULL, NULL); data/dnsmasq-2.82/src/option.c:4117:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int arglen = strlen(arg); data/dnsmasq-2.82/src/option.c:4268:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
new->len = strlen(tag) + strlen(value) + 2; data/dnsmasq-2.82/src/option.c:4268:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->len = strlen(tag) + strlen(value) + 2; data/dnsmasq-2.82/src/option.c:4271:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->txt[1] = strlen(tag); data/dnsmasq-2.82/src/option.c:4272:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(&new->txt[2], tag, strlen(tag)); data/dnsmasq-2.82/src/option.c:4273:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(&new->txt[2 + strlen(tag)], value, strlen(value)); data/dnsmasq-2.82/src/option.c:4273:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(&new->txt[2 + strlen(tag)], value, strlen(value)); data/dnsmasq-2.82/src/option.c:4296:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = comma ? strlen(comma) : 0; data/dnsmasq-2.82/src/option.c:4510:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (2*strlen(keyhex))+1; data/dnsmasq-2.82/src/option.c:4571:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memmove(p, p+1, strlen(p+1)+1); data/dnsmasq-2.82/src/option.c:4587:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, p+1, strlen(p+1)+1); data/dnsmasq-2.82/src/option.c:4598:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, p+1, strlen(p+1)+1); data/dnsmasq-2.82/src/option.c:4622:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (len = strlen(start); (len != 0) && (start[len-1] == ' '); len--); data/dnsmasq-2.82/src/option.c:4666:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(daemon->namebuff + strlen(daemon->namebuff), _(" at line %d of %s"), lineno, file); data/dnsmasq-2.82/src/option.c:4797:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lendir = strlen(ah->fname); data/dnsmasq-2.82/src/option.c:4798:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lenfile = strlen(ent->d_name); data/dnsmasq-2.82/src/option.c:4816:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (lendir < strlen(ah1->fname) && data/dnsmasq-2.82/src/option.c:4839:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path, "/"); data/dnsmasq-2.82/src/option.c:5062:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(optarg) >= argbuf_size) data/dnsmasq-2.82/src/option.c:5065:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argbuf_size = strlen(optarg) + 1; data/dnsmasq-2.82/src/option.c:5294:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buff, "."); data/dnsmasq-2.82/src/outpacket.c:115:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). put_opt6(s, strlen(s)); data/dnsmasq-2.82/src/rfc1035.c:153:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(namein) > MAXARPANAME) data/dnsmasq-2.82/src/rfc1035.c:183:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1) data/dnsmasq-2.82/src/rfc1035.c:232:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1) data/dnsmasq-2.82/src/rfc1035.c:825:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addr.srv.targetlen = strlen(name) + 1; /* include terminating zero */ data/dnsmasq-2.82/src/rfc1035.c:1264:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). usval = sval ? strlen(sval) : 0; data/dnsmasq-2.82/src/rfc1035.c:1621:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int namelen = strlen(name); data/dnsmasq-2.82/src/rfc1035.c:1633:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). domainlen = strlen(serv->domain); data/dnsmasq-2.82/src/rfc2131.c:731:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nl = strlen(client_hostname); data/dnsmasq-2.82/src/rfc2131.c:737:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t ml = strlen(m->name); data/dnsmasq-2.82/src/rfc2131.c:773:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(client_hostname) != 0) data/dnsmasq-2.82/src/rfc2131.c:1427:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lease_add_extradata(lease, (unsigned char *)n->net, strlen(n->net), n->next ? ' ' : 0); data/dnsmasq-2.82/src/rfc2131.c:1844:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (option_bool(OPT_LOG_OPTS) && strlen((char *)mess->file) != 0) data/dnsmasq-2.82/src/rfc2131.c:1853:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (option_bool(OPT_LOG_OPTS) && strlen((char *)mess->sname) != 0) data/dnsmasq-2.82/src/rfc2131.c:1954:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(string); data/dnsmasq-2.82/src/rfc2131.c:2031:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen((char *)dopt->u.vendor_class); data/dnsmasq-2.82/src/rfc2131.c:2204:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(service->menu); data/dnsmasq-2.82/src/rfc2131.c:2352:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(s) != 0 ? ":" : "", data/dnsmasq-2.82/src/rfc2131.c:2523:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(hostname) + 3; data/dnsmasq-2.82/src/rfc2131.c:2531:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(domain) + 1; data/dnsmasq-2.82/src/rfc2131.c:2552:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(p, hostname, strlen(hostname)); data/dnsmasq-2.82/src/rfc2131.c:2553:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(hostname); data/dnsmasq-2.82/src/rfc2131.c:2557:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(p, domain, strlen(domain)); data/dnsmasq-2.82/src/rfc2131.c:2558:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(domain); data/dnsmasq-2.82/src/rfc3315.c:494:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nl = strlen(daemon->dhcp_buff); data/dnsmasq-2.82/src/rfc3315.c:503:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t ml = strlen(m->name); data/dnsmasq-2.82/src/rfc3315.c:541:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(state->client_hostname) != 0) data/dnsmasq-2.82/src/rfc3315.c:1451:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(state->hostname); data/dnsmasq-2.82/src/rfc3315.c:1454:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(state->send_domain) + 2; data/dnsmasq-2.82/src/rfc3315.c:1481:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(s) != 0 ? ":" : "", data/dnsmasq-2.82/src/rfc3315.c:1865:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lease_add_extradata(lease, (unsigned char *)daemon->dhcp_buff2, strlen(daemon->dhcp_buff2), 0); data/dnsmasq-2.82/src/rfc3315.c:1876:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). state->client_hostname ? strlen(state->client_hostname) : 0, 0); data/dnsmasq-2.82/src/rfc3315.c:1884:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lease_add_extradata(lease, (unsigned char *)context->netid.net, strlen(context->netid.net), tagif ? ' ' : 0); data/dnsmasq-2.82/src/rfc3315.c:1897:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lease_add_extradata(lease, (unsigned char *)n->net, strlen(n->net), n->next ? 
' ' : 0); data/dnsmasq-2.82/src/rfc3315.c:1905:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lease_add_extradata(lease, (unsigned char *)daemon->addrbuff, state->link_address ? strlen(daemon->addrbuff) : 0, 0); data/dnsmasq-2.82/src/rfc3315.c:2001:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(daemon->dhcp_buff2, " "); data/dnsmasq-2.82/src/tables.c:80:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(setname) >= PF_TABLE_NAME_SIZE) data/dnsmasq-2.82/src/tftp.c:405:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(daemon->namebuff, "/"); data/dnsmasq-2.82/src/tftp.c:410:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(daemon->namebuff, prefix, (MAXDNAME-1) - strlen(daemon->namebuff)); data/dnsmasq-2.82/src/tftp.c:410:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(daemon->namebuff, prefix, (MAXDNAME-1) - strlen(daemon->namebuff)); data/dnsmasq-2.82/src/tftp.c:411:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (prefix[strlen(prefix)-1] != '/') data/dnsmasq-2.82/src/tftp.c:412:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff)); data/dnsmasq-2.82/src/tftp.c:412:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff)); data/dnsmasq-2.82/src/tftp.c:416:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t oldlen = strlen(daemon->namebuff); data/dnsmasq-2.82/src/tftp.c:419:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(daemon->namebuff, daemon->addrbuff, (MAXDNAME-1) - strlen(daemon->namebuff)); data/dnsmasq-2.82/src/tftp.c:419:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(daemon->namebuff, daemon->addrbuff, (MAXDNAME-1) - strlen(daemon->namebuff)); data/dnsmasq-2.82/src/tftp.c:420:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff)); data/dnsmasq-2.82/src/tftp.c:420:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff)); data/dnsmasq-2.82/src/tftp.c:448:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t oldlen = strlen(daemon->namebuff); data/dnsmasq-2.82/src/tftp.c:471:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(daemon->namebuff, filename, (MAXDNAME-1) - strlen(daemon->namebuff)); data/dnsmasq-2.82/src/tftp.c:471:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(daemon->namebuff, filename, (MAXDNAME-1) - strlen(daemon->namebuff)); data/dnsmasq-2.82/src/tftp.c:549:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(file = whine_malloc(sizeof(struct tftp_file) + strlen(namebuff) + 1))) data/dnsmasq-2.82/src/tftp.c:711:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(len = strlen(ret)) == 0) data/dnsmasq-2.82/src/util.c:123:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t dotgap = 0, l = strlen(in); data/dnsmasq-2.82/src/util.c:239:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ret = whine_malloc(strlen(in)+1))) data/dnsmasq-2.82/src/util.c:297:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest, src, size-1); data/dnsmasq-2.82/src/util.c:496:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf) + strlen(name) + 2 <= ADDRSTRLEN) data/dnsmasq-2.82/src/util.c:496:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf) + strlen(name) + 2 <= ADDRSTRLEN) data/dnsmasq-2.82/src/util.c:498:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, "%"); data/dnsmasq-2.82/src/util.c:696:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
n = read(fd, &packet[done], (size_t)(size - done));

ANALYSIS SUMMARY:

Hits = 647
Lines analyzed = 40840 in approximately 1.04 seconds (39109 lines/second)
Physical Source Lines of Code (SLOC) = 31131
Hits@level = [0] 64 [1] 225 [2] 329 [3] 3 [4] 85 [5] 5
Hits@level+ = [0+] 711 [1+] 647 [2+] 422 [3+] 93 [4+] 90 [5+] 5
Hits/KSLOC@level+ = [0+] 22.839 [1+] 20.7831 [2+] 13.5556 [3+] 2.98738 [4+] 2.89101 [5+] 0.160612
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.