Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dnsmasq-2.82/contrib/lease-tools/dhcp_lease_time.c
Examining data/dnsmasq-2.82/contrib/lease-tools/dhcp_release.c
Examining data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c
Examining data/dnsmasq-2.82/src/arp.c
Examining data/dnsmasq-2.82/src/auth.c
Examining data/dnsmasq-2.82/src/blockdata.c
Examining data/dnsmasq-2.82/src/bpf.c
Examining data/dnsmasq-2.82/src/cache.c
Examining data/dnsmasq-2.82/src/config.h
Examining data/dnsmasq-2.82/src/conntrack.c
Examining data/dnsmasq-2.82/src/crypto.c
Examining data/dnsmasq-2.82/src/dbus.c
Examining data/dnsmasq-2.82/src/dhcp-common.c
Examining data/dnsmasq-2.82/src/dhcp-protocol.h
Examining data/dnsmasq-2.82/src/dhcp.c
Examining data/dnsmasq-2.82/src/dhcp6-protocol.h
Examining data/dnsmasq-2.82/src/dhcp6.c
Examining data/dnsmasq-2.82/src/dns-protocol.h
Examining data/dnsmasq-2.82/src/dnsmasq.c
Examining data/dnsmasq-2.82/src/dnsmasq.h
Examining data/dnsmasq-2.82/src/dnssec.c
Examining data/dnsmasq-2.82/src/domain.c
Examining data/dnsmasq-2.82/src/dump.c
Examining data/dnsmasq-2.82/src/edns0.c
Examining data/dnsmasq-2.82/src/forward.c
Examining data/dnsmasq-2.82/src/helper.c
Examining data/dnsmasq-2.82/src/inotify.c
Examining data/dnsmasq-2.82/src/ip6addr.h
Examining data/dnsmasq-2.82/src/ipset.c
Examining data/dnsmasq-2.82/src/lease.c
Examining data/dnsmasq-2.82/src/log.c
Examining data/dnsmasq-2.82/src/loop.c
Examining data/dnsmasq-2.82/src/metrics.c
Examining data/dnsmasq-2.82/src/metrics.h
Examining data/dnsmasq-2.82/src/netlink.c
Examining data/dnsmasq-2.82/src/network.c
Examining data/dnsmasq-2.82/src/option.c
Examining data/dnsmasq-2.82/src/outpacket.c
Examining data/dnsmasq-2.82/src/poll.c
Examining data/dnsmasq-2.82/src/radv-protocol.h
Examining data/dnsmasq-2.82/src/radv.c
Examining data/dnsmasq-2.82/src/rfc1035.c
Examining data/dnsmasq-2.82/src/rfc2131.c
Examining data/dnsmasq-2.82/src/rfc3315.c
Examining data/dnsmasq-2.82/src/rrfilter.c
Examining data/dnsmasq-2.82/src/slaac.c
Examining data/dnsmasq-2.82/src/tables.c
Examining data/dnsmasq-2.82/src/tftp.c
Examining data/dnsmasq-2.82/src/ubus.c
Examining data/dnsmasq-2.82/src/util.c
FINAL RESULTS:
data/dnsmasq-2.82/src/domain.c:201:8: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(name, ".", MAXDNAME);
data/dnsmasq-2.82/src/domain.c:202:8: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(name, c->domain, MAXDNAME);
data/dnsmasq-2.82/src/domain.c:239:8: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(name, ".", MAXDNAME);
data/dnsmasq-2.82/src/domain.c:240:8: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(name, c->domain, MAXDNAME);
data/dnsmasq-2.82/src/inotify.c:51:12: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
rc = readlink(path, buf, (size_t)size);
data/dnsmasq-2.82/src/auth.c:221:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, cache_get_name(crecp));
data/dnsmasq-2.82/src/auth.c:233:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, zone->domain);
data/dnsmasq-2.82/src/auth.c:545:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, candidate->target);
data/dnsmasq-2.82/src/auth.c:549:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, zone->domain);
data/dnsmasq-2.82/src/auth.c:763:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, a->target);
data/dnsmasq-2.82/src/auth.c:767:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, zone->domain);
data/dnsmasq-2.82/src/auth.c:799:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, cache_get_name(crecp));
data/dnsmasq-2.82/src/cache.c:632:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cache_get_name(new), name);
data/dnsmasq-2.82/src/cache.c:1149:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cache->name.sname, canon);
data/dnsmasq-2.82/src/cache.c:1151:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cache->name.sname, domain_suffix);
data/dnsmasq-2.82/src/cache.c:1159:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cache->name.sname, canon);
data/dnsmasq-2.82/src/cache.c:1772:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%-40.40s %s%s%s%s%s%s%s%s%s ", a, t,
data/dnsmasq-2.82/src/cache.c:1784:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s", cache->flags & F_IMMORTAL ? "\n" : ctime(&(cache->ttd)));
data/dnsmasq-2.82/src/cache.c:1854:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, "%s[%s]", desc, types);
data/dnsmasq-2.82/src/cache.c:1856:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, "%s[type=%d]", desc, type);
data/dnsmasq-2.82/src/cache.c:1861:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, "<%s>", types);
data/dnsmasq-2.82/src/cache.c:1883:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(daemon->addrbuff, arg, addr->log.keytag, addr->log.algo, addr->log.digest);
data/dnsmasq-2.82/src/dbus.c:299:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str_domain, str);
data/dnsmasq-2.82/src/dbus.c:361:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str_addr, str);
data/dnsmasq-2.82/src/dbus.c:652:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(introspection_xml, introspection_xml_template, daemon->dbus_name);
data/dnsmasq-2.82/src/dhcp-common.c:899:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "%s for %s", (context->flags & CONTEXT_OLD) ? "old prefix" : "constructed", ifrn_name);
data/dnsmasq-2.82/src/dhcp-common.c:906:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "template for %s", context->template_interface);
data/dnsmasq-2.82/src/dhcp-common.c:919:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(daemon->dhcp_buff, daemon->addrbuff);
data/dnsmasq-2.82/src/dhcp-common.c:940:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(daemon->addrbuff, context->template_interface);
data/dnsmasq-2.82/src/dhcp.c:524:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(daemon->dhcp_buff, inet_ntoa(context->start));
data/dnsmasq-2.82/src/dhcp.c:525:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(daemon->dhcp_buff2, inet_ntoa(context->end));
data/dnsmasq-2.82/src/dnssec.c:695:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keyname, name);
data/dnsmasq-2.82/src/dnssec.c:1677:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keyname, &name[name_start]);
data/dnsmasq-2.82/src/dnssec.c:1904:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(daemon->workspacename, keyname);
data/dnsmasq-2.82/src/helper.c:272:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(daemon->dhcp_buff3, "%s%u", data.flags & LEASE_TA ? "T" : "", data.iaid);
data/dnsmasq-2.82/src/helper.c:641:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(daemon->lease_change_command,
data/dnsmasq-2.82/src/inotify.c:74:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_buf, path);
data/dnsmasq-2.82/src/inotify.c:75:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buf, buf);
data/dnsmasq-2.82/src/inotify.c:105:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, res->name);
data/dnsmasq-2.82/src/inotify.c:188:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, ah->fname);
data/dnsmasq-2.82/src/inotify.c:190:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, ent->d_name);
data/dnsmasq-2.82/src/inotify.c:253:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, ah->fname);
data/dnsmasq-2.82/src/inotify.c:255:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, in->name);
data/dnsmasq-2.82/src/ipset.c:177:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(req_adt_get.set.name, setname);
data/dnsmasq-2.82/src/lease.c:158:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(daemon->dhcp_buff, daemon->lease_change_command);
data/dnsmasq-2.82/src/lease.c:160:18: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
leasestream = popen(daemon->dhcp_buff, "r");
data/dnsmasq-2.82/src/lease.c:246:19: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (!(*errp) && vfprintf(daemon->lease_stream, format, ap) < 0)
data/dnsmasq-2.82/src/lease.c:979:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_name, name);
data/dnsmasq-2.82/src/lease.c:982:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_fqdn, name);
data/dnsmasq-2.82/src/lease.c:984:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_fqdn, domain);
data/dnsmasq-2.82/src/log.c:305:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/dnsmasq-2.82/src/log.c:376:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "dnsmasq%s[%d]: ", func, (int)pid);
data/dnsmasq-2.82/src/log.c:380:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len += vsnprintf(p, MAX_MESSAGE - len, format, ap) + 1; /* include zero-terminator */
data/dnsmasq-2.82/src/loop.c:74:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)p, LOOP_TEST_DOMAIN); /* Add terminating zero */
data/dnsmasq-2.82/src/network.c:412:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lo->name, ifr.ifr_name);
data/dnsmasq-2.82/src/network.c:474:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface->name, ifr.ifr_name);
data/dnsmasq-2.82/src/network.c:1412:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(daemon->namebuff, srv->interface);
data/dnsmasq-2.82/src/network.c:1513:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(domain_str, domain);
data/dnsmasq-2.82/src/option.c:750:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff+4, "--%s%s%s", opts[j].name, eq, desc);
data/dnsmasq-2.82/src/option.c:755:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buff, usage[i].arg);
data/dnsmasq-2.82/src/option.c:760:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(_(usage[i].desc), buff);
data/dnsmasq-2.82/src/option.c:765:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define ret_err(x) do { strcpy(errstr, (x)); return 0; } while (0)
data/dnsmasq-2.82/src/option.c:766:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define ret_err_free(x,m) do { strcpy(errstr, (x)); free((m)); return 0; } while (0)
data/dnsmasq-2.82/src/option.c:767:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define goto_err(x) do { strcpy(errstr, (x)); goto on_error; } while (0)
data/dnsmasq-2.82/src/option.c:1779:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, directory);
data/dnsmasq-2.82/src/option.c:1781:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, ent->d_name);
data/dnsmasq-2.82/src/option.c:2630:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(serv->next->interface, serv->interface);
data/dnsmasq-2.82/src/option.c:2927:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->iface, arg);
data/dnsmasq-2.82/src/option.c:2941:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b->iface, arg);
data/dnsmasq-2.82/src/option.c:3389:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errstr, _("duplicate dhcp-host IP address %s"), inet_ntoa(in));
data/dnsmasq-2.82/src/option.c:4662:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(daemon->namebuff, errmess);
data/dnsmasq-2.82/src/option.c:4666:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(daemon->namebuff + strlen(daemon->namebuff), _(" at line %d of %s"), lineno, file);
data/dnsmasq-2.82/src/option.c:4838:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, ah->fname);
data/dnsmasq-2.82/src/option.c:4840:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, ent->d_name);
data/dnsmasq-2.82/src/option.c:5212:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, daemon->authserver);
data/dnsmasq-2.82/src/option.c:5293:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buff, srv->name);
data/dnsmasq-2.82/src/option.c:5295:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, daemon->domain_suffix);
data/dnsmasq-2.82/src/radv.c:418:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(daemon->namebuff, "/proc/sys/net/ipv6/conf/%s/mtu", mtu_name ? mtu_name : iface_name);
data/dnsmasq-2.82/src/rfc1035.c:1412:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, cname_target);
data/dnsmasq-2.82/src/rfc2131.c:383:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(daemon->namebuff, inet_ntoa(context_tmp->start));
data/dnsmasq-2.82/src/rfc2131.c:1476:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
hostname += sprintf(hostname, "%.2x%s", emac[i], (i == emac_len - 1) ? "" : "-");
data/dnsmasq-2.82/src/rfc2131.c:2160:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf((char *)mess->file, sizeof(mess->file),
data/dnsmasq-2.82/src/rfc3315.c:1955:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(daemon->namebuff, "%s PL=%u VL=%u",
data/dnsmasq-2.82/src/tftp.c:560:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file->filename, namebuff);
data/dnsmasq-2.82/src/tftp.c:626:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(daemon->namebuff, transfer->file->filename);
data/dnsmasq-2.82/src/tftp.c:743:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(mess->message, MAXMESSAGE, message, file, errstr);
data/dnsmasq-2.82/src/tftp.c:754:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(daemon->namebuff, file);
data/dnsmasq-2.82/src/util.c:240:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret, in);
data/dnsmasq-2.82/src/util.c:499:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, name);
data/dnsmasq-2.82/src/util.c:646:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%.2x%s", mac[i], (i == len - 1) ? "" : ":");
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:402:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "a:s:c:n:i:hd", longopts, &option_index);
data/dnsmasq-2.82/src/option.c:5042:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
option = getopt_long(argc, argv, OPTSTRING, opts, NULL);
data/dnsmasq-2.82/src/option.c:5044:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
option = getopt(argc, argv, OPTSTRING);
data/dnsmasq-2.82/contrib/lease-tools/dhcp_lease_time.c:54:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define option_len(opt) ((int)(((unsigned char *)(opt))[1]))
data/dnsmasq-2.82/contrib/lease-tools/dhcp_lease_time.c:55:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define option_ptr(opt) ((void *)&(((unsigned char *)(opt))[2]))
data/dnsmasq-2.82/contrib/lease-tools/dhcp_lease_time.c:69:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char options[308];
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release.c:73:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char options[308];
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release.c:93:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, iov->iov_base, iov->iov_len);
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release.c:318:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &server, sizeof(server));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[1024];
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options[1024];
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:204:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result.iaid = htonl(atoi(iaid));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:208:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result.options, &ia_addr, ntohs(ia_addr.len) + 2 * sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:226:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result.buf + offset, &client_option, ntohs(client_option.len) + 2*sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:228:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result.buf + offset, &server_option, ntohs(server_option.len) + 2*sizeof(uint16_t) );
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:230:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result.buf + offset, &iana_option, ntohs(iana_option.len) + 2*sizeof(uint16_t) );
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option_value[1024];
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:243:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&option_type,buf + current_pos, sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:244:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&option_len,buf + current_pos + sizeof(uint16_t), sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:251:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&status, buf + current_pos, sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:255:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(option_value, buf + current_pos + sizeof(uint16_t) , option_len - sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option_value[1024];
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:281:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&option_type,buf + current_pos, sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:282:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&option_len,buf + current_pos + sizeof(uint16_t), sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:289:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&status, buf + current_pos, sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:293:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(option_value, buf + current_pos +sizeof(uint16_t) , option_len -sizeof(uint16_t));
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:324:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response[1400];
data/dnsmasq-2.82/src/arp.c:30:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/arp.c:69:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp->hwaddr, mac, maclen);
data/dnsmasq-2.82/src/arp.c:96:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp->hwaddr, mac, maclen);
data/dnsmasq-2.82/src/arp.c:100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&arp->addr.addr6, addrp, IN6ADDRSZ);
data/dnsmasq-2.82/src/arp.c:138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac, arp->hwaddr, arp->hwlen);
data/dnsmasq-2.82/src/arp.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&arp->addr.addr6, &addr->in6.sin6_addr, IN6ADDRSZ);
data/dnsmasq-2.82/src/auth.c:587:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%u.", a & 0xff);
data/dnsmasq-2.82/src/auth.c:590:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%u.", a & 0xff);
data/dnsmasq-2.82/src/auth.c:592:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%u.in-addr.arpa", a & 0xff);
data/dnsmasq-2.82/src/auth.c:603:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
data/dnsmasq-2.82/src/auth.c:605:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "ip6.arpa");
data/dnsmasq-2.82/src/blockdata.c:91:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block->key, data, blen);
data/dnsmasq-2.82/src/blockdata.c:154:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, b->key, blen);
data/dnsmasq-2.82/src/bpf.c:256:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff, "/dev/bpf%d", i++);
data/dnsmasq-2.82/src/bpf.c:257:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((daemon->dhcp_raw_fd = open(daemon->dhcp_buff, O_RDWR, 0)) != -1)
data/dnsmasq-2.82/src/bpf.c:298:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ether.ether_shost, LLADDR((struct sockaddr_dl *)&ifr->ifr_addr), ETHER_ADDR_LEN);
data/dnsmasq-2.82/src/bpf.c:308:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ether.ether_dhost, mess->chaddr, ETHER_ADDR_LEN);
data/dnsmasq-2.82/src/bpf.c:333:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)mess)[len] = 0; /* for checksum, in case length is odd. */
data/dnsmasq-2.82/src/cache.c:1005:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
j = (j*2 +((unsigned char *)addr)[i]) % hashsz;
data/dnsmasq-2.82/src/cache.c:1031:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cache->addr, addr, addrlen);
data/dnsmasq-2.82/src/cache.c:1085:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "r");
data/dnsmasq-2.82/src/cache.c:1577:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff+1, "%d", daemon->cachesize);
data/dnsmasq-2.82/src/cache.c:1581:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff+1, "%d", daemon->metrics[METRIC_DNS_CACHE_INSERTED]);
data/dnsmasq-2.82/src/cache.c:1585:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff+1, "%d", daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED]);
data/dnsmasq-2.82/src/cache.c:1589:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff+1, "%u", daemon->metrics[METRIC_DNS_QUERIES_FORWARDED]);
data/dnsmasq-2.82/src/cache.c:1593:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff+1, "%u", daemon->metrics[METRIC_DNS_LOCAL_ANSWERED]);
data/dnsmasq-2.82/src/cache.c:1598:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff+1, "%u", daemon->metrics[METRIC_DNS_AUTH_ANSWERED]);
data/dnsmasq-2.82/src/cache.c:1633:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, buff, bufflen);
data/dnsmasq-2.82/src/cache.c:1724:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%-30.30s ", sanitise(n));
data/dnsmasq-2.82/src/cache.c:1730:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ssize_t len = sprintf(a, "%u %u %u ", cache->addr.srv.priority,
data/dnsmasq-2.82/src/cache.c:1742:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(a, "%5u %3u %3u", cache->addr.ds.keytag,
data/dnsmasq-2.82/src/cache.c:1746:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(a, "%5u %3u %3u", cache->addr.key.keytag,
data/dnsmasq-2.82/src/cache.c:1782:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now));
data/dnsmasq-2.82/src/cache.c:1863:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "type=%d", type);
data/dnsmasq-2.82/src/cache.c:1895:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->addrbuff, "%u", rcode);
data/dnsmasq-2.82/src/crypto.c:72:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, null_hash_buff, ctx->len);
data/dnsmasq-2.82/src/crypto.c:80:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(null_hash_buff + ctx->len, src, length);
data/dnsmasq-2.82/src/dbus.c:172:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char p[sizeof(struct in6_addr)];
data/dnsmasq-2.82/src/dbus.c:190:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.in6.sin6_addr, p, sizeof(struct in6_addr));
data/dnsmasq-2.82/src/dbus.c:280:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char interface[IF_NAMESIZE];
data/dnsmasq-2.82/src/dbus.c:461:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dhcp_chaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/dhcp-common.c:478:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&config->addr6->addr.addr6, &crec->addr.addr6, IN6ADDRSZ);
data/dnsmasq-2.82/src/dhcp-common.c:766:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, &val[i], addr_len);
data/dnsmasq-2.82/src/dhcp-common.c:832:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%u", dec);
data/dnsmasq-2.82/src/dhcp-common.c:882:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(daemon->namebuff, _(", prefix deprecated"));
data/dnsmasq-2.82/src/dhcp-common.c:885:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, _(", lease time "));
data/dnsmasq-2.82/src/dhcp-common.c:893:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifrn_name[IFNAMSIZ];
data/dnsmasq-2.82/src/dhcp-common.c:896:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, ", ");
data/dnsmasq-2.82/src/dhcp-common.c:904:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, ", ");
data/dnsmasq-2.82/src/dhcp.c:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
data/dnsmasq-2.82/src/dhcp.c:163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(unsigned int))];
data/dnsmasq-2.82/src/dhcp.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct sockaddr_dl))];
data/dnsmasq-2.82/src/dhcp.c:422:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&arp_req.arp_pa, &dest, sizeof(struct sockaddr_in));
data/dnsmasq-2.82/src/dhcp.c:424:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp_req.arp_ha.sa_data, mess->chaddr, mess->hlen);
data/dnsmasq-2.82/src/dhcp.c:451:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req.arp_ha.sa_data, mess->chaddr, mess->hlen);
data/dnsmasq-2.82/src/dhcp.c:862:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(ETHERSFILE, "r");
data/dnsmasq-2.82/src/dhcp.c:867:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwaddr[ETHER_ADDR_LEN];
data/dnsmasq-2.82/src/dhcp.c:1004:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(config->hwaddr->hwaddr, hwaddr, ETHER_ADDR_LEN);
data/dnsmasq-2.82/src/dhcp6.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
data/dnsmasq-2.82/src/dhcp6.c:576:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, daemon->duid_config, daemon->duid_config_len);
data/dnsmasq-2.82/src/dhcp6.c:627:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, mac, maclen);
data/dnsmasq-2.82/src/dhcp6.c:641:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifrn_name[IFNAMSIZ];
data/dnsmasq-2.82/src/dnsmasq.c:153:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/null", O_RDWR);
data/dnsmasq-2.82/src/dnsmasq.c:619:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->namebuff, "%d\n", (int) getpid());
data/dnsmasq-2.82/src/dnsmasq.c:642:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
data/dnsmasq-2.82/src/dnsmasq.c:681:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int nullfd = open("/dev/null", O_RDWR);
data/dnsmasq-2.82/src/dnsmasq.c:1813:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intr_name[IF_NAMESIZE];
data/dnsmasq-2.82/src/dnsmasq.h:435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXDNAME];
data/dnsmasq-2.82/src/dnsmasq.h:441:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[KEYBLOCK_LEN];
data/dnsmasq-2.82/src/dnsmasq.h:452:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[SMALLDNAME];
data/dnsmasq-2.82/src/dnsmasq.h:536:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char interface[IF_NAMESIZE+1];
data/dnsmasq-2.82/src/dnsmasq.h:548:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char interface[IF_NAMESIZE+1];
data/dnsmasq-2.82/src/dnsmasq.h:674:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *hash[HASH_SIZE];
data/dnsmasq-2.82/src/dnsmasq.h:724:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/dnsmasq.h:769:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/dnsmasq.h:873:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/dnsmasq.h:879:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iface[IF_NAMESIZE];
data/dnsmasq-2.82/src/dnssec.c:170:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(daemon->timestamp_file, O_WRONLY | O_CREAT | O_NONBLOCK | O_EXCL, 0666);
data/dnsmasq-2.82/src/dnssec.c:240:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, *p, bufflen);
data/dnsmasq-2.82/src/dnssec.c:261:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, *p, d);
data/dnsmasq-2.82/src/dnssec.c:319:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff1 + left1, p1, len1);
data/dnsmasq-2.82/src/dnssec.c:330:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff2 + left2, p2, len2);
data/dnsmasq-2.82/src/domain.c:71:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int index = atoi(tail);
data/dnsmasq-2.82/src/domain.c:119:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tail, "::ffff:", 7);
data/dnsmasq-2.82/src/dump.c:66:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((daemon->dumpfd = open(daemon->dump_file, O_APPEND | O_RDWR)) == -1 ||
data/dnsmasq-2.82/src/dump.c:124:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip6.ip6_src, &src->in6.sin6_addr, IN6ADDRSZ);
data/dnsmasq-2.82/src/dump.c:130:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip6.ip6_dst, &dst->in6.sin6_addr, IN6ADDRSZ);
data/dnsmasq-2.82/src/dump.c:181:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)packet)[len] = 0; /* for checksum, in case length is odd. */
data/dnsmasq-2.82/src/edns0.c:178:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, datap, rdlen);
data/dnsmasq-2.82/src/edns0.c:220:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buff, rdlen);
data/dnsmasq-2.82/src/edns0.c:242:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, opt, optlen);
data/dnsmasq-2.82/src/edns0.c:270:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/edns0.c:271:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encode[18]; /* handle 6 byte MACs */
data/dnsmasq-2.82/src/edns0.c:294:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/edns0.c:358:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt->addr, addrp, len);
data/dnsmasq-2.82/src/forward.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
data/dnsmasq-2.82/src/forward.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct in_addr))];
data/dnsmasq-2.82/src/forward.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
data/dnsmasq-2.82/src/forward.c:69:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmptr), &p, sizeof(p));
data/dnsmasq-2.82/src/forward.c:75:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmptr), &(source->addr4), sizeof(source->addr4));
data/dnsmasq-2.82/src/forward.c:87:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmptr), &p, sizeof(p));
data/dnsmasq-2.82/src/forward.c:362:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(forward->hash, hash, HASH_SIZE);
data/dnsmasq-2.82/src/forward.c:531:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(daemon->namebuff, "query");
data/dnsmasq-2.82/src/forward.c:1119:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->hash, hash, HASH_SIZE);
data/dnsmasq-2.82/src/forward.c:1276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
data/dnsmasq-2.82/src/forward.c:1278:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
data/dnsmasq-2.82/src/forward.c:1280:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct in_addr)) +
data/dnsmasq-2.82/src/forward.c:1283:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct in_addr)) +
data/dnsmasq-2.82/src/forward.c:1974:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *newhash, hash[HASH_SIZE];
data/dnsmasq-2.82/src/forward.c:1976:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, newhash, HASH_SIZE);
data/dnsmasq-2.82/src/forward.c:2047:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(daemon->namebuff, "query");
data/dnsmasq-2.82/src/helper.c:72:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwaddr[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/helper.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char interface[IF_NAMESIZE];
data/dnsmasq-2.82/src/helper.c:243:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%.2x-", data.hwaddr_type);
data/dnsmasq-2.82/src/helper.c:246:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%.2x", data.hwaddr[i]);
data/dnsmasq-2.82/src/helper.c:263:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%.2x", buf[i]);
data/dnsmasq-2.82/src/helper.c:275:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%.2x", daemon->duid[i]);
data/dnsmasq-2.82/src/helper.c:312:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(is6 ? daemon->packet : daemon->dhcp_buff, "%lu", (unsigned long)data.file_len);
data/dnsmasq-2.82/src/helper.c:408:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff2, "vendor_class_id");
data/dnsmasq-2.82/src/helper.c:412:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff2, "vendor_class%i", i);
data/dnsmasq-2.82/src/helper.c:442:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff2, "user_class%i", i);
data/dnsmasq-2.82/src/helper.c:568:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff2, "%u", data.length);
data/dnsmasq-2.82/src/helper.c:571:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff2, "%lu", (unsigned long)data.expires);
data/dnsmasq-2.82/src/helper.c:590:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff2, "DNSMASQ_VENDOR_CLASS%i", i);
data/dnsmasq-2.82/src/helper.c:619:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff2, "DNSMASQ_USER_CLASS%i", i);
data/dnsmasq-2.82/src/helper.c:623:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff2, "%u", data.remaining_time);
data/dnsmasq-2.82/src/helper.c:774:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->hwaddr, lease->hwaddr, DHCP_CHADDR_MAX);
data/dnsmasq-2.82/src/helper.c:792:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, lease->clid, clid_len);
data/dnsmasq-2.82/src/helper.c:797:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, hostname, hostname_len);
data/dnsmasq-2.82/src/helper.c:802:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, lease->extradata, ed_len);
data/dnsmasq-2.82/src/helper.c:831:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((unsigned char *)(buf+1), filename, filename_len);
data/dnsmasq-2.82/src/helper.c:854:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->hwaddr, mac, maclen);
data/dnsmasq-2.82/src/ipset.c:82:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)attr + NL_ALIGN(sizeof(struct my_nlattr)), data, len);
data/dnsmasq-2.82/src/ipset.c:158:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IPSET_MAXNAMELEN];
data/dnsmasq-2.82/src/ipset.c:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typename[IPSET_MAXNAMELEN];
data/dnsmasq-2.82/src/lease.c:56:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daemon->duid, daemon->dhcp_buff2, daemon->duid_len);
data/dnsmasq-2.82/src/lease.c:119:7: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ei = atol(daemon->dhcp_buff3);
data/dnsmasq-2.82/src/lease.c:159:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(daemon->dhcp_buff, " init");
data/dnsmasq-2.82/src/lease.c:173:44: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
leasestream = daemon->lease_stream = fopen(daemon->lease_file, "a+");
data/dnsmasq-2.82/src/lease.c:209:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff, "%d", WEXITSTATUS(rc));
data/dnsmasq-2.82/src/lease.c:882:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lease->hwaddr, hwaddr, hw_len);
data/dnsmasq-2.82/src/lease.c:918:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lease->clid, clid, clid_len);
data/dnsmasq-2.82/src/lease.c:1189:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, lease->extradata, lease->extradata_len);
data/dnsmasq-2.82/src/lease.c:1198:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lease->extradata + lease->extradata_len, data, len);
data/dnsmasq-2.82/src/log.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[MAX_MESSAGE];
data/dnsmasq-2.82/src/log.c:121:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
data/dnsmasq-2.82/src/log.c:370:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "<%d>", priority | log_fac);
data/dnsmasq-2.82/src/log.c:374:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%.15s ", ctime(&time_now) + 4);
data/dnsmasq-2.82/src/loop.c:71:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)p, "%.8x", uid);
data/dnsmasq-2.82/src/network.c:766:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->addrbuff, "port %d", port);
data/dnsmasq-2.82/src/network.c:1699:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(fname, "r")))
data/dnsmasq-2.82/src/option.c:591:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, cp, len+1);
data/dnsmasq-2.82/src/option.c:660:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*res = atoi(a);
data/dnsmasq-2.82/src/option.c:697:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((r->txt)+1, txt, len);
data/dnsmasq-2.82/src/option.c:710:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100];
data/dnsmasq-2.82/src/option.c:746:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "-%c, ", usage[i].opt);
data/dnsmasq-2.82/src/option.c:748:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, " ");
data/dnsmasq-2.82/src/option.c:758:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", tab[j].val);
data/dnsmasq-2.82/src/option.c:901:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%u.", a & 0xff);
data/dnsmasq-2.82/src/option.c:904:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d.", (a >> 8) & 0xff);
data/dnsmasq-2.82/src/option.c:907:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d.", (a >> 16) & 0xff);
data/dnsmasq-2.82/src/option.c:910:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d.", (a >> 24) & 0xff);
data/dnsmasq-2.82/src/option.c:918:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "in-addr.arpa");
data/dnsmasq-2.82/src/option.c:939:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dig = ((unsigned char *)addr)[i>>3];
data/dnsmasq-2.82/src/option.c:940:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
data/dnsmasq-2.82/src/option.c:942:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "ip6.arpa");
data/dnsmasq-2.82/src/option.c:1106:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new->opt = atoi(arg);
data/dnsmasq-2.82/src/option.c:1132:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new->opt = atoi(arg+8);
data/dnsmasq-2.82/src/option.c:1157:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new->u.encap = atoi(arg+6);
data/dnsmasq-2.82/src/option.c:1162:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new->u.encap = atoi(arg+9);
data/dnsmasq-2.82/src/option.c:1314:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(comma);
data/dnsmasq-2.82/src/option.c:1326:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i, val = atoi(comma);
data/dnsmasq-2.82/src/option.c:1375:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, &in, INADDRSZ);
data/dnsmasq-2.82/src/option.c:1381:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int netsize = atoi(slash);
data/dnsmasq-2.82/src/option.c:1453:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newp, m, header_size + len);
data/dnsmasq-2.82/src/option.c:1518:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, arg, len);
data/dnsmasq-2.82/src/option.c:1546:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newp, p, len);
data/dnsmasq-2.82/src/option.c:1903:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (hostname_isequal((char *)facilitynames[i].c_name, arg))
data/dnsmasq-2.82/src/option.c:2196:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
daemon->soa_sn = (u32)atoi(arg);
data/dnsmasq-2.82/src/option.c:2211:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
daemon->soa_refresh = (u32)atoi(arg);
data/dnsmasq-2.82/src/option.c:2216:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
daemon->soa_retry = (u32)atoi(arg);
data/dnsmasq-2.82/src/option.c:2218:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
daemon->soa_expiry = (u32)atoi(comma);
data/dnsmasq-2.82/src/option.c:2354:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new->end6, &new->start6, IN6ADDRSZ);
data/dnsmasq-2.82/src/option.c:2990:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, *a[8] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL };
data/dnsmasq-2.82/src/option.c:3127:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!*cp && (pref = atoi(a[leasepos])) <= 128)
data/dnsmasq-2.82/src/option.c:3232:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new->lease_time = atoi(a[leasepos]) * fac;
data/dnsmasq-2.82/src/option.c:3295:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->clid, arg, len);
data/dnsmasq-2.82/src/option.c:3458:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new->lease_time = atoi(arg) * fac;
data/dnsmasq-2.82/src/option.c:3673:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->val + 1, arg, new->len - 1);
data/dnsmasq-2.82/src/option.c:3819:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new->enterprise = atoi(arg+11);
data/dnsmasq-2.82/src/option.c:3834:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->data, comma, new->len);
data/dnsmasq-2.82/src/option.c:3840:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->data, comma, new->len);
data/dnsmasq-2.82/src/option.c:4021:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daemon->duid_config, comma, daemon->duid_config_len);
data/dnsmasq-2.82/src/option.c:4028:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dash, *a[3] = { NULL, NULL, NULL };
data/dnsmasq-2.82/src/option.c:4174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *a[7] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL };
data/dnsmasq-2.82/src/option.c:4242:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->txt, data, len);
data/dnsmasq-2.82/src/option.c:4272:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new->txt[2], tag, strlen(tag));
data/dnsmasq-2.82/src/option.c:4273:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new->txt[2 + strlen(tag)], value, strlen(value));
data/dnsmasq-2.82/src/option.c:4405:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new->ttl = atoi(arg);
data/dnsmasq-2.82/src/option.c:4738:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(file, "r")))
data/dnsmasq-2.82/src/option.c:4865:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(daemon->servers_file, "r")))
data/dnsmasq-2.82/src/option.c:5051:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *c = (unsigned char *)argv[optind];
data/dnsmasq-2.82/src/option.c:5211:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buff, "hostmaster.");
data/dnsmasq-2.82/src/option.c:5262:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen((daemon->resolv_files)->name, "r")))
data/dnsmasq-2.82/src/outpacket.c:84:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, data, len);
data/dnsmasq-2.82/src/poll.c:113:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, pollfds, i * sizeof(struct pollfd));
data/dnsmasq-2.82/src/poll.c:114:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new[i+1], &pollfds[i], (nfds - i) * sizeof(struct pollfd));
data/dnsmasq-2.82/src/radv.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IF_NAMESIZE+1];
data/dnsmasq-2.82/src/radv.c:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char interface[IF_NAMESIZE+1];
data/dnsmasq-2.82/src/radv.c:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
data/dnsmasq-2.82/src/radv.c:419:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(daemon->namebuff, "r")))
data/dnsmasq-2.82/src/radv.c:422:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mtu = atoi(daemon->namebuff);
data/dnsmasq-2.82/src/radv.c:752:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, mac, maclen);
data/dnsmasq-2.82/src/radv.c:872:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifrn_name[IFNAMSIZ];
data/dnsmasq-2.82/src/rfc1035.c:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXARPANAME+1], *cp1;
data/dnsmasq-2.82/src/rfc1035.c:196:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr[0] = atoi(cp1);
data/dnsmasq-2.82/src/rfc1035.c:218:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xdig[2];
data/dnsmasq-2.82/src/rfc1035.c:433:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)a)[0] == 0xfd || /* RFC 6303 4.4 */
data/dnsmasq-2.82/src/rfc1035.c:465:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, p, INADDRSZ);
data/dnsmasq-2.82/src/rfc1035.c:483:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &addr, INADDRSZ);
data/dnsmasq-2.82/src/rfc1035.c:838:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, p1, addrlen);
data/dnsmasq-2.82/src/rfc1035.c:1214:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, sval, IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc1035.c:1221:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, sval, INADDRSZ);
data/dnsmasq-2.82/src/rfc1035.c:1258:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, sval, usval);
data/dnsmasq-2.82/src/rfc1035.c:1269:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, sval, usval);
data/dnsmasq-2.82/src/rfc2131.c:21:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define option_len(opt) ((int)(((unsigned char *)(opt))[1]))
data/dnsmasq-2.82/src/rfc2131.c:22:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define option_ptr(opt, i) ((void *)&(((unsigned char *)(opt))[2u+(unsigned int)(i)]))
data/dnsmasq-2.82/src/rfc2131.c:98:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pxe_uuid[17];
data/dnsmasq-2.82/src/rfc2131.c:197:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(agent_id, opt, total);
data/dnsmasq-2.82/src/rfc2131.c:491:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daemon->dhcp_buff3, option_ptr(opt, 0), option_len(opt));
data/dnsmasq-2.82/src/rfc2131.c:559:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daemon->dhcp_buff2, mess->file, sizeof(mess->file));
data/dnsmasq-2.82/src/rfc2131.c:692:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pq, op+1, *op);
data/dnsmasq-2.82/src/rfc2131.c:699:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pq, op, len);
data/dnsmasq-2.82/src/rfc2131.c:716:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daemon->dhcp_buff, option_ptr(opt, 0), len);
data/dnsmasq-2.82/src/rfc2131.c:844:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pxe_uuid, option_ptr(opt, 0), 17);
data/dnsmasq-2.82/src/rfc2131.c:856:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char save71[4];
data/dnsmasq-2.82/src/rfc2131.c:868:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(save71, option_ptr(opt, 0), 4);
data/dnsmasq-2.82/src/rfc2131.c:1005:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req_options, option_ptr(opt, 0), option_len(opt));
data/dnsmasq-2.82/src/rfc2131.c:1782:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, option_ptr(opt, 0), INADDRSZ);
data/dnsmasq-2.82/src/rfc2131.c:1960:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, string, len);
data/dnsmasq-2.82/src/rfc2131.c:1981:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &context->local, INADDRSZ);
data/dnsmasq-2.82/src/rfc2131.c:1983:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, a, INADDRSZ);
data/dnsmasq-2.82/src/rfc2131.c:1989:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, opt->val ? opt->val : (unsigned char *)"", len);
data/dnsmasq-2.82/src/rfc2131.c:2096:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, uuid, 17);
data/dnsmasq-2.82/src/rfc2131.c:2212:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, service->menu, len);
data/dnsmasq-2.82/src/rfc2131.c:2236:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, &boot_server.s_addr, INADDRSZ);
data/dnsmasq-2.82/src/rfc2131.c:2552:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, hostname, strlen(hostname));
data/dnsmasq-2.82/src/rfc2131.c:2557:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, domain, strlen(domain));
data/dnsmasq-2.82/src/rfc2131.c:2679:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &swap_ent, 4);
data/dnsmasq-2.82/src/rfc2131.c:2710:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, daemon->dhcp_buff3, vendor_class_len);
data/dnsmasq-2.82/src/rfc3315.c:32:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/rfc3315.c:64:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define opt6_ptr(opt, i) ((void *)&(((unsigned char *)(opt))[4+(i)]))
data/dnsmasq-2.82/src/rfc3315.c:66:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define opt6_user_vendor_ptr(opt, i) ((void *)&(((unsigned char *)(opt))[2+(i)]))
data/dnsmasq-2.82/src/rfc3315.c:230:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state->mac[0], opt6_ptr(opt, 2), state->mac_len);
data/dnsmasq-2.82/src/rfc3315.c:246:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&align, inbuff + 2, IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:481:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pq, op+1, *op);
data/dnsmasq-2.82/src/rfc3315.c:674:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:847:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:949:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:1051:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:1126:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:1192:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:1864:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->dhcp_buff2, "%u", opt6_uint(class_opt, 0, 4));
data/dnsmasq-2.82/src/rfc3315.c:1937:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->namebuff, "IAID=%u T1=%u T2=%u",
data/dnsmasq-2.82/src/rfc3315.c:1944:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(daemon->namebuff, "IAID=%u", opt6_uint(opt, 0, 4));
data/dnsmasq-2.82/src/rfc3315.c:1953:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, opt6_ptr(opt, 0), IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:1962:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int len = sprintf(daemon->namebuff, "%u ", opt6_uint(opt, 0, 2));
data/dnsmasq-2.82/src/rfc3315.c:1963:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daemon->namebuff + len, opt6_ptr(opt, 2), opt6_len(opt)-2);
data/dnsmasq-2.82/src/rfc3315.c:2091:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/rfc3315.c:2117:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&header[2], &relay->local.addr6, IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:2118:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&header[18], peer_address, IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:2179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&link, &inbuff[2], IN6ADDRSZ);
data/dnsmasq-2.82/src/rfc3315.c:2197:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&peer->sin6_addr, &inbuff[18], IN6ADDRSZ);
data/dnsmasq-2.82/src/rrfilter.c:331:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, *wkspc, old * sizeof(unsigned char *));
data/dnsmasq-2.82/src/slaac.c:50:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.s6_addr[8], lease->hwaddr, 3);
data/dnsmasq-2.82/src/slaac.c:51:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.s6_addr[13], &lease->hwaddr[3], 3);
data/dnsmasq-2.82/src/slaac.c:58:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.s6_addr[8], lease->hwaddr, 8);
data/dnsmasq-2.82/src/slaac.c:65:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.s6_addr[8], &lease->clid[1], 8);
data/dnsmasq-2.82/src/tables.c:57:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev = open( pf_device, O_RDWR);
data/dnsmasq-2.82/src/tables.c:116:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(addr.pfra_ip6addr), ipaddr, sizeof(struct in6_addr));
data/dnsmasq-2.82/src/tftp.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuff[IF_NAMESIZE];
data/dnsmasq-2.82/src/tftp.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
data/dnsmasq-2.82/src/tftp.c:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
data/dnsmasq-2.82/src/tftp.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct in_addr)) +
data/dnsmasq-2.82/src/tftp.c:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct in_addr)) +
data/dnsmasq-2.82/src/tftp.c:380:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
transfer->blocksize = atoi(opt);
data/dnsmasq-2.82/src/tftp.c:430:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char macbuf[DHCP_CHADDR_MAX];
data/dnsmasq-2.82/src/tftp.c:507:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(namebuff, O_RDONLY)) == -1)
data/dnsmasq-2.82/src/tftp.c:776:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += (sprintf(p, "blksize") + 1);
data/dnsmasq-2.82/src/tftp.c:777:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += (sprintf(p, "%u", transfer->blocksize) + 1);
data/dnsmasq-2.82/src/tftp.c:781:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += (sprintf(p,"tsize") + 1);
data/dnsmasq-2.82/src/tftp.c:782:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += (sprintf(p, "%u", (unsigned int)transfer->file->size) + 1);
data/dnsmasq-2.82/src/util.c:46:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(RANDFILE, O_RDONLY);
data/dnsmasq-2.82/src/util.c:492:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IF_NAMESIZE];
data/dnsmasq-2.82/src/util.c:510:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("infinite"));
data/dnsmasq-2.82/src/util.c:515:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(&buf[p], "%ud", x);
data/dnsmasq-2.82/src/util.c:517:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(&buf[p], "%uh", x);
data/dnsmasq-2.82/src/util.c:519:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(&buf[p], "%um", x);
data/dnsmasq-2.82/src/util.c:521:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(&buf[p], "%us", x);
data/dnsmasq-2.82/src/util.c:627:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, iov->iov_base, iov->iov_len);
data/dnsmasq-2.82/src/util.c:643:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "<null>");
data/dnsmasq-2.82/src/util.c:801:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
version = (split ? atoi(split) : 0);
data/dnsmasq-2.82/src/util.c:803:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
version = version * 256 + (split ? atoi(split) : 0);
data/dnsmasq-2.82/src/util.c:805:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return version * 256 + (split ? atoi(split) : 0);
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release.c:283:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, argv[1], sizeof(ifr.ifr_name)-1);
data/dnsmasq-2.82/contrib/lease-tools/dhcp_release6.c:333:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(sock, SOL_SOCKET, 25, iface, strlen(iface)) == -1)
data/dnsmasq-2.82/src/auth.c:74:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(name);
data/dnsmasq-2.82/src/auth.c:75:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t domainlen = strlen(zone->domain);
data/dnsmasq-2.82/src/auth.c:232:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(name, ".");
data/dnsmasq-2.82/src/auth.c:524:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(test) > wclen && !cname_wildcard)
data/dnsmasq-2.82/src/auth.c:526:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wclen = strlen(test);
data/dnsmasq-2.82/src/auth.c:535:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (hostname_isequal(a->alias, name) && strlen(a->alias) > wclen)
data/dnsmasq-2.82/src/auth.c:538:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wclen = strlen(a->alias);
data/dnsmasq-2.82/src/auth.c:548:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(name, ".");
data/dnsmasq-2.82/src/auth.c:766:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(name, ".");
data/dnsmasq-2.82/src/cache.c:595:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name && (strlen(name) > SMALLDNAME-1))
data/dnsmasq-2.82/src/cache.c:674:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t m = strlen(name);
data/dnsmasq-2.82/src/cache.c:1042:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(f)) == '#')
data/dnsmasq-2.82/src/cache.c:1044:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/dnsmasq-2.82/src/cache.c:1066:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(f)) == EOF)
data/dnsmasq-2.82/src/cache.c:1147:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(cache = whine_malloc(SIZEOF_BARE_CREC + strlen(canon) + 2 + strlen(domain_suffix))))
data/dnsmasq-2.82/src/cache.c:1147:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(cache = whine_malloc(SIZEOF_BARE_CREC + strlen(canon) + 2 + strlen(domain_suffix))))
data/dnsmasq-2.82/src/cache.c:1150:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cache->name.sname, ".");
data/dnsmasq-2.82/src/cache.c:1157:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((cache = whine_malloc(SIZEOF_BARE_CREC + strlen(canon) + 1)))
data/dnsmasq-2.82/src/cache.c:1650:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buff+1);
data/dnsmasq-2.82/src/cache.c:1722:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(n) == 0 && !(cache->flags & F_REVERSE))
data/dnsmasq-2.82/src/cache.c:1827:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(types);
data/dnsmasq-2.82/src/cache.c:1834:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(desc);
data/dnsmasq-2.82/src/cache.c:1969:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) == 0)
data/dnsmasq-2.82/src/dbus.c:286:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str || !strlen (str))
data/dnsmasq-2.82/src/dbus.c:296:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(dup = str_domain = whine_malloc(strlen(str)+1)))
data/dnsmasq-2.82/src/dbus.c:348:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str || !strlen (str))
data/dnsmasq-2.82/src/dbus.c:358:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(dup = str_addr = whine_malloc(strlen(str)+1)))
data/dnsmasq-2.82/src/dbus.c:651:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(introspection_xml = whine_malloc(strlen(introspection_xml_template) + strlen(daemon->dbus_name))))
data/dnsmasq-2.82/src/dbus.c:651:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(introspection_xml = whine_malloc(strlen(introspection_xml_template) + strlen(daemon->dbus_name))))
data/dnsmasq-2.82/src/dhcp-common.c:204:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dot+1) != 0)
data/dnsmasq-2.82/src/dhcp-common.c:226:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (s, netid->net, (MAXDNAME-1) - strlen(s));
data/dnsmasq-2.82/src/dhcp-common.c:226:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat (s, netid->net, (MAXDNAME-1) - strlen(s));
data/dnsmasq-2.82/src/dhcp-common.c:228:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat (s, ", ", (MAXDNAME-1) - strlen(s));
data/dnsmasq-2.82/src/dhcp-common.c:228:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat (s, ", ", (MAXDNAME-1) - strlen(s));
data/dnsmasq-2.82/src/dhcp-common.c:545:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(device)+1;
data/dnsmasq-2.82/src/dhcp-common.c:764:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(buf, ", ", buf_len - strlen(buf));
data/dnsmasq-2.82/src/dhcp-common.c:764:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, ", ", buf_len - strlen(buf));
data/dnsmasq-2.82/src/dhcp-common.c:768:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, daemon->addrbuff, buf_len - strlen(buf));
data/dnsmasq-2.82/src/dhcp-common.c:768:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, daemon->addrbuff, buf_len - strlen(buf));
data/dnsmasq-2.82/src/dhcp-common.c:850:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(buf, "...", buf_len - strlen(buf));
data/dnsmasq-2.82/src/dhcp-common.c:850:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, "...", buf_len - strlen(buf));
data/dnsmasq-2.82/src/dhcp-common.c:887:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p);
data/dnsmasq-2.82/src/dhcp-common.c:917:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(daemon->dhcp_buff, context->template_interface, DHCP_BUFF_SZ);
data/dnsmasq-2.82/src/dhcp.c:903:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(buff) > 0 && isspace((int)buff[strlen(buff)-1]))
data/dnsmasq-2.82/src/dhcp.c:903:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(buff) > 0 && isspace((int)buff[strlen(buff)-1]))
data/dnsmasq-2.82/src/dhcp.c:904:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff[strlen(buff)-1] = 0;
data/dnsmasq-2.82/src/dhcp.c:1041:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dot && strlen(dot+1) != 0)
data/dnsmasq-2.82/src/dnsmasq.c:92:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(022); /* known umask, create leases and pid files as 0644 */
data/dnsmasq-2.82/src/dnsmasq.c:659:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
data/dnsmasq-2.82/src/dnsmasq.c:1305:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ev.msg_sz = msg ? strlen(msg) : 0;
data/dnsmasq-2.82/src/dnssec.c:1019:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sa = ea = (char *)a + strlen(a);
data/dnsmasq-2.82/src/dnssec.c:1020:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sb = eb = (char *)b + strlen(b);
data/dnsmasq-2.82/src/dnssec.c:1654:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_start = strlen(name); /* for when TA is root */
data/dnsmasq-2.82/src/domain.c:193:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN);
data/dnsmasq-2.82/src/domain.c:195:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inet_ntop(AF_INET, &addr->addr4, name + strlen(name), ADDRSTRLEN);
data/dnsmasq-2.82/src/domain.c:220:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, c->prefix, MAXDNAME - ADDRSTRLEN);
data/dnsmasq-2.82/src/domain.c:222:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inet_ntop(AF_INET6, &addr->addr6, name + strlen(name), ADDRSTRLEN);
data/dnsmasq-2.82/src/edns0.c:287:109: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_NOMDEVICEID, (unsigned char *)encode, strlen(encode), 0, replace);
data/dnsmasq-2.82/src/edns0.c:428:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned char *)daemon->dns_client_id, strlen(daemon->dns_client_id), 0, 1);
data/dnsmasq-2.82/src/forward.c:117:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int namelen = strlen(qdomain);
data/dnsmasq-2.82/src/forward.c:158:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int domainlen = strlen(serv->domain);
data/dnsmasq-2.82/src/forward.c:593:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int namelen = strlen(daemon->namebuff);
data/dnsmasq-2.82/src/forward.c:597:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int domainlen = strlen(ipset_pos->domain);
data/dnsmasq-2.82/src/helper.c:248:11: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p += sprintf(p, ":");
data/dnsmasq-2.82/src/helper.c:265:13: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p += sprintf(p, ":");
data/dnsmasq-2.82/src/helper.c:277:8: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p += sprintf(p, ":");
data/dnsmasq-2.82/src/helper.c:374:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(data.interface) != 0)
data/dnsmasq-2.82/src/helper.c:511:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(daemon->packet);
data/dnsmasq-2.82/src/helper.c:565:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
my_setenv("DNSMASQ_INTERFACE", strlen(data.interface) != 0 ? data.interface : NULL, &err);
data/dnsmasq-2.82/src/helper.c:756:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostname_len = strlen(hostname) + 1;
data/dnsmasq-2.82/src/helper.c:818:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename_len = strlen(filename) + 1;
data/dnsmasq-2.82/src/inotify.c:72:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new_buf = safe_malloc((d - path) + strlen(buf) + 2);
data/dnsmasq-2.82/src/inotify.c:102:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *d, *new_path, *path = safe_malloc(strlen(res->name) + 1);
data/dnsmasq-2.82/src/inotify.c:175:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lendir = strlen(ah->fname);
data/dnsmasq-2.82/src/inotify.c:176:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lenfile = strlen(ent->d_name);
data/dnsmasq-2.82/src/inotify.c:189:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/dnsmasq-2.82/src/inotify.c:223:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rc = read(daemon->inotifyfd, inotify_buffer, INOTIFY_SZ)) == -1 && errno == EINTR);
data/dnsmasq-2.82/src/inotify.c:235:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (in->len == 0 || (namelen = strlen(in->name)) == 0 ||
data/dnsmasq-2.82/src/inotify.c:248:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lendir = strlen(ah->fname);
data/dnsmasq-2.82/src/inotify.c:254:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/dnsmasq-2.82/src/ipset.c:110:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(setname) >= IPSET_MAXNAMELEN)
data/dnsmasq-2.82/src/ipset.c:131:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add_attr(nlh, IPSET_ATTR_SETNAME, strlen(setname) + 1, setname);
data/dnsmasq-2.82/src/ipset.c:169:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(setname) >= sizeof(req_adt_get.set.name))
data/dnsmasq-2.82/src/lease.c:44:19: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
while ((items=fscanf(leasestream, "%255s %255s", daemon->dhcp_buff3, daemon->dhcp_buff2)) == 2)
data/dnsmasq-2.82/src/lease.c:61:6: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (fscanf(leasestream, " %64s %255s %764s",
data/dnsmasq-2.82/src/lease.c:977:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((new_name = whine_malloc(strlen(name) + 1)))
data/dnsmasq-2.82/src/lease.c:980:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (domain && (new_fqdn = whine_malloc(strlen(new_name) + strlen(domain) + 2)))
data/dnsmasq-2.82/src/lease.c:980:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (domain && (new_fqdn = whine_malloc(strlen(new_name) + strlen(domain) + 2)))
data/dnsmasq-2.82/src/lease.c:983:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new_fqdn, ".");
data/dnsmasq-2.82/src/log.c:232:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logaddr.sun_len = sizeof(logaddr) - sizeof(logaddr.sun_path) + strlen(_PATH_LOG) + 1;
data/dnsmasq-2.82/src/loop.c:73:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*p++ = strlen(LOOP_TEST_DOMAIN);
data/dnsmasq-2.82/src/loop.c:75:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(LOOP_TEST_DOMAIN) + 1;
data/dnsmasq-2.82/src/loop.c:94:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(LOOP_TEST_DOMAIN) + 9 != strlen(query) ||
data/dnsmasq-2.82/src/loop.c:94:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(LOOP_TEST_DOMAIN) + 9 != strlen(query) ||
data/dnsmasq-2.82/src/network.c:410:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((lo->name = whine_malloc(strlen(ifr.ifr_name)+1)))
data/dnsmasq-2.82/src/network.c:472:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((iface->name = whine_malloc(strlen(ifr.ifr_name)+1)))
data/dnsmasq-2.82/src/network.c:1330:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (intname && strlen(intname) != 0)
data/dnsmasq-2.82/src/network.c:1411:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(daemon->namebuff, " ");
data/dnsmasq-2.82/src/network.c:1496:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (domain && !(domain_str = whine_malloc(strlen(domain)+1)))
data/dnsmasq-2.82/src/network.c:1641:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(serv->domain) == 0)
data/dnsmasq-2.82/src/option.c:588:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cp && (len = strlen(cp)) != 0)
data/dnsmasq-2.82/src/option.c:693:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(txt);
data/dnsmasq-2.82/src/option.c:789:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!arg || strlen(arg) == 0)
data/dnsmasq-2.82/src/option.c:1285:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (found_dig && (opt_len & OT_TIME) && strlen(comma) > 0)
data/dnsmasq-2.82/src/option.c:1289:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (comma[strlen(comma) - 1])
data/dnsmasq-2.82/src/option.c:1309:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comma[strlen(comma) - 1] = 0;
data/dnsmasq-2.82/src/option.c:1409:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > 1 && cp[strlen(cp)-1] == ']')
data/dnsmasq-2.82/src/option.c:1409:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > 1 && cp[strlen(cp)-1] == ']')
data/dnsmasq-2.82/src/option.c:1410:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp[strlen(cp)-1] = 0;
data/dnsmasq-2.82/src/option.c:1447:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domlen = strlen(dom) + 2;
data/dnsmasq-2.82/src/option.c:1508:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newp = opt_malloc(strlen(comma)+(2*commas));
data/dnsmasq-2.82/src/option.c:1515:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u16 len = strlen(arg);
data/dnsmasq-2.82/src/option.c:1542:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newp = opt_malloc(len + header_size + strlen(dom) + 2);
data/dnsmasq-2.82/src/option.c:1572:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->len = strlen(comma);
data/dnsmasq-2.82/src/option.c:1712:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) != 0)
data/dnsmasq-2.82/src/option.c:1743:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(ent->d_name);
data/dnsmasq-2.82/src/option.c:1758:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ls = strlen(li->name);
data/dnsmasq-2.82/src/option.c:1770:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ls = strlen(li->name);
data/dnsmasq-2.82/src/option.c:1778:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = opt_malloc(strlen(directory) + len + 2);
data/dnsmasq-2.82/src/option.c:1780:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/dnsmasq-2.82/src/option.c:2264:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(new->prefix) > MAXLABEL - INET_ADDRSTRLEN)
data/dnsmasq-2.82/src/option.c:2311:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(new->prefix) > MAXLABEL - INET6_ADDRSTRLEN)
data/dnsmasq-2.82/src/option.c:2364:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(new->prefix) > MAXLABEL - INET_ADDRSTRLEN)
data/dnsmasq-2.82/src/option.c:2567:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (arg) != 0 && !(domain = canonicalise_opt(arg)))
data/dnsmasq-2.82/src/option.c:2702:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(arg) != 0 && !(domain = canonicalise_opt(arg)))
data/dnsmasq-2.82/src/option.c:2917:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(comma = split(arg)) || strlen(arg) > IF_NAMESIZE - 1 )
data/dnsmasq-2.82/src/option.c:2936:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) != 0 && strlen(arg) <= IF_NAMESIZE - 1)
data/dnsmasq-2.82/src/option.c:2936:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) != 0 && strlen(arg) <= IF_NAMESIZE - 1)
data/dnsmasq-2.82/src/option.c:3200:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a[leasepos]) > 0)
data/dnsmasq-2.82/src/option.c:3202:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (a[leasepos][strlen(a[leasepos]) - 1])
data/dnsmasq-2.82/src/option.c:3222:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a[leasepos][strlen(a[leasepos]) - 1] = 0;
data/dnsmasq-2.82/src/option.c:3283:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(arg);
data/dnsmasq-2.82/src/option.c:3311:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (arg[0] == '[' && arg[strlen(arg)-1] == ']')
data/dnsmasq-2.82/src/option.c:3317:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg[strlen(arg)-1] = 0;
data/dnsmasq-2.82/src/option.c:3398:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) > 1)
data/dnsmasq-2.82/src/option.c:3400:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastp = arg + strlen(arg) - 1;
data/dnsmasq-2.82/src/option.c:3497:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(arg);
data/dnsmasq-2.82/src/option.c:3557:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(comma = split(arg)) || (len = strlen(comma)) == 0)
data/dnsmasq-2.82/src/option.c:3671:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->len = strlen(arg) + 1;
data/dnsmasq-2.82/src/option.c:3832:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->len = strlen(comma);
data/dnsmasq-2.82/src/option.c:3838:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->len = parse_hex(comma, (unsigned char *)comma, strlen(comma), NULL, NULL);
data/dnsmasq-2.82/src/option.c:4019:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
daemon->duid_config_len = parse_hex(comma,(unsigned char *)comma, strlen(comma), NULL, NULL);
data/dnsmasq-2.82/src/option.c:4117:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int arglen = strlen(arg);
data/dnsmasq-2.82/src/option.c:4268:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->len = strlen(tag) + strlen(value) + 2;
data/dnsmasq-2.82/src/option.c:4268:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->len = strlen(tag) + strlen(value) + 2;
data/dnsmasq-2.82/src/option.c:4271:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->txt[1] = strlen(tag);
data/dnsmasq-2.82/src/option.c:4272:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&new->txt[2], tag, strlen(tag));
data/dnsmasq-2.82/src/option.c:4273:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&new->txt[2 + strlen(tag)], value, strlen(value));
data/dnsmasq-2.82/src/option.c:4273:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&new->txt[2 + strlen(tag)], value, strlen(value));
data/dnsmasq-2.82/src/option.c:4296:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = comma ? strlen(comma) : 0;
data/dnsmasq-2.82/src/option.c:4510:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (2*strlen(keyhex))+1;
data/dnsmasq-2.82/src/option.c:4571:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, strlen(p+1)+1);
data/dnsmasq-2.82/src/option.c:4587:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, strlen(p+1)+1);
data/dnsmasq-2.82/src/option.c:4598:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, strlen(p+1)+1);
data/dnsmasq-2.82/src/option.c:4622:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len = strlen(start); (len != 0) && (start[len-1] == ' '); len--);
data/dnsmasq-2.82/src/option.c:4666:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(daemon->namebuff + strlen(daemon->namebuff), _(" at line %d of %s"), lineno, file);
data/dnsmasq-2.82/src/option.c:4797:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lendir = strlen(ah->fname);
data/dnsmasq-2.82/src/option.c:4798:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lenfile = strlen(ent->d_name);
data/dnsmasq-2.82/src/option.c:4816:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (lendir < strlen(ah1->fname) &&
data/dnsmasq-2.82/src/option.c:4839:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/dnsmasq-2.82/src/option.c:5062:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) >= argbuf_size)
data/dnsmasq-2.82/src/option.c:5065:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argbuf_size = strlen(optarg) + 1;
data/dnsmasq-2.82/src/option.c:5294:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buff, ".");
data/dnsmasq-2.82/src/outpacket.c:115:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
put_opt6(s, strlen(s));
data/dnsmasq-2.82/src/rfc1035.c:153:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(namein) > MAXARPANAME)
data/dnsmasq-2.82/src/rfc1035.c:183:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1)
data/dnsmasq-2.82/src/rfc1035.c:232:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1)
data/dnsmasq-2.82/src/rfc1035.c:825:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addr.srv.targetlen = strlen(name) + 1; /* include terminating zero */
data/dnsmasq-2.82/src/rfc1035.c:1264:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usval = sval ? strlen(sval) : 0;
data/dnsmasq-2.82/src/rfc1035.c:1621:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int namelen = strlen(name);
data/dnsmasq-2.82/src/rfc1035.c:1633:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domainlen = strlen(serv->domain);
data/dnsmasq-2.82/src/rfc2131.c:731:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nl = strlen(client_hostname);
data/dnsmasq-2.82/src/rfc2131.c:737:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ml = strlen(m->name);
data/dnsmasq-2.82/src/rfc2131.c:773:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(client_hostname) != 0)
data/dnsmasq-2.82/src/rfc2131.c:1427:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lease_add_extradata(lease, (unsigned char *)n->net, strlen(n->net), n->next ? ' ' : 0);
data/dnsmasq-2.82/src/rfc2131.c:1844:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (option_bool(OPT_LOG_OPTS) && strlen((char *)mess->file) != 0)
data/dnsmasq-2.82/src/rfc2131.c:1853:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (option_bool(OPT_LOG_OPTS) && strlen((char *)mess->sname) != 0)
data/dnsmasq-2.82/src/rfc2131.c:1954:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(string);
data/dnsmasq-2.82/src/rfc2131.c:2031:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)dopt->u.vendor_class);
data/dnsmasq-2.82/src/rfc2131.c:2204:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(service->menu);
data/dnsmasq-2.82/src/rfc2131.c:2352:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(s) != 0 ? ":" : "",
data/dnsmasq-2.82/src/rfc2131.c:2523:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hostname) + 3;
data/dnsmasq-2.82/src/rfc2131.c:2531:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(domain) + 1;
data/dnsmasq-2.82/src/rfc2131.c:2552:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(p, hostname, strlen(hostname));
data/dnsmasq-2.82/src/rfc2131.c:2553:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(hostname);
data/dnsmasq-2.82/src/rfc2131.c:2557:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(p, domain, strlen(domain));
data/dnsmasq-2.82/src/rfc2131.c:2558:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(domain);
data/dnsmasq-2.82/src/rfc3315.c:494:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nl = strlen(daemon->dhcp_buff);
data/dnsmasq-2.82/src/rfc3315.c:503:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ml = strlen(m->name);
data/dnsmasq-2.82/src/rfc3315.c:541:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(state->client_hostname) != 0)
data/dnsmasq-2.82/src/rfc3315.c:1451:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(state->hostname);
data/dnsmasq-2.82/src/rfc3315.c:1454:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(state->send_domain) + 2;
data/dnsmasq-2.82/src/rfc3315.c:1481:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(s) != 0 ? ":" : "",
data/dnsmasq-2.82/src/rfc3315.c:1865:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lease_add_extradata(lease, (unsigned char *)daemon->dhcp_buff2, strlen(daemon->dhcp_buff2), 0);
data/dnsmasq-2.82/src/rfc3315.c:1876:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
state->client_hostname ? strlen(state->client_hostname) : 0, 0);
data/dnsmasq-2.82/src/rfc3315.c:1884:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lease_add_extradata(lease, (unsigned char *)context->netid.net, strlen(context->netid.net), tagif ? ' ' : 0);
data/dnsmasq-2.82/src/rfc3315.c:1897:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lease_add_extradata(lease, (unsigned char *)n->net, strlen(n->net), n->next ? ' ' : 0);
data/dnsmasq-2.82/src/rfc3315.c:1905:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lease_add_extradata(lease, (unsigned char *)daemon->addrbuff, state->link_address ? strlen(daemon->addrbuff) : 0, 0);
data/dnsmasq-2.82/src/rfc3315.c:2001:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(daemon->dhcp_buff2, " ");
data/dnsmasq-2.82/src/tables.c:80:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(setname) >= PF_TABLE_NAME_SIZE)
data/dnsmasq-2.82/src/tftp.c:405:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(daemon->namebuff, "/");
data/dnsmasq-2.82/src/tftp.c:410:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(daemon->namebuff, prefix, (MAXDNAME-1) - strlen(daemon->namebuff));
data/dnsmasq-2.82/src/tftp.c:410:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(daemon->namebuff, prefix, (MAXDNAME-1) - strlen(daemon->namebuff));
data/dnsmasq-2.82/src/tftp.c:411:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (prefix[strlen(prefix)-1] != '/')
data/dnsmasq-2.82/src/tftp.c:412:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff));
data/dnsmasq-2.82/src/tftp.c:412:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff));
data/dnsmasq-2.82/src/tftp.c:416:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t oldlen = strlen(daemon->namebuff);
data/dnsmasq-2.82/src/tftp.c:419:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(daemon->namebuff, daemon->addrbuff, (MAXDNAME-1) - strlen(daemon->namebuff));
data/dnsmasq-2.82/src/tftp.c:419:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(daemon->namebuff, daemon->addrbuff, (MAXDNAME-1) - strlen(daemon->namebuff));
data/dnsmasq-2.82/src/tftp.c:420:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff));
data/dnsmasq-2.82/src/tftp.c:420:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff));
data/dnsmasq-2.82/src/tftp.c:448:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t oldlen = strlen(daemon->namebuff);
data/dnsmasq-2.82/src/tftp.c:471:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(daemon->namebuff, filename, (MAXDNAME-1) - strlen(daemon->namebuff));
data/dnsmasq-2.82/src/tftp.c:471:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(daemon->namebuff, filename, (MAXDNAME-1) - strlen(daemon->namebuff));
data/dnsmasq-2.82/src/tftp.c:549:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(file = whine_malloc(sizeof(struct tftp_file) + strlen(namebuff) + 1)))
data/dnsmasq-2.82/src/tftp.c:711:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len = strlen(ret)) == 0)
data/dnsmasq-2.82/src/util.c:123:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dotgap = 0, l = strlen(in);
data/dnsmasq-2.82/src/util.c:239:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ret = whine_malloc(strlen(in)+1)))
data/dnsmasq-2.82/src/util.c:297:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, size-1);
data/dnsmasq-2.82/src/util.c:496:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(buf) + strlen(name) + 2 <= ADDRSTRLEN)
data/dnsmasq-2.82/src/util.c:496:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(buf) + strlen(name) + 2 <= ADDRSTRLEN)
data/dnsmasq-2.82/src/util.c:498:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "%");
data/dnsmasq-2.82/src/util.c:696:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, &packet[done], (size_t)(size - done));
ANALYSIS SUMMARY:
Hits = 647
Lines analyzed = 40840 in approximately 1.04 seconds (39109 lines/second)
Physical Source Lines of Code (SLOC) = 31131
Hits@level = [0] 64 [1] 225 [2] 329 [3] 3 [4] 85 [5] 5
Hits@level+ = [0+] 711 [1+] 647 [2+] 422 [3+] 93 [4+] 90 [5+] 5
Hits/KSLOC@level+ = [0+] 22.839 [1+] 20.7831 [2+] 13.5556 [3+] 2.98738 [4+] 2.89101 [5+] 0.160612
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.