Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fence-agents-4.6.0/agents/kdump/fence_kdump.c
Examining data/fence-agents-4.6.0/agents/kdump/fence_kdump_send.c
Examining data/fence-agents-4.6.0/agents/kdump/list.h
Examining data/fence-agents-4.6.0/agents/kdump/message.h
Examining data/fence-agents-4.6.0/agents/kdump/options.h
Examining data/fence-agents-4.6.0/agents/kdump/version.h
Examining data/fence-agents-4.6.0/agents/zvm/fence_zvm.c
Examining data/fence-agents-4.6.0/agents/zvm/fence_zvm.h
Examining data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c
FINAL RESULTS:
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:46:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stdout, "[debug]: " fmt, ##args); \
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:47:9: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
syslog (LOG_INFO, fmt, ##args); \
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:54:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "[error]: " fmt, ##args); \
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:55:9: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
syslog (LOG_ERR, fmt, ##args); \
data/fence-agents-4.6.0/agents/kdump/fence_kdump_send.c:46:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stdout, "[debug]: " fmt, ##args); \
data/fence-agents-4.6.0/agents/kdump/fence_kdump_send.c:52:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "[error]: " fmt, ##args); \
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:427:19: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long (argc, argv, "n:p:f:o:t:v::Vh", options, NULL)) != EOF) {
data/fence-agents-4.6.0/agents/kdump/fence_kdump_send.c:170:19: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long (argc, argv, "p:f:c:i:v::Vh", options, NULL)) != EOF) {
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:782:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, optString, longopts, NULL)) != -1) {
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:751:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, optString, longopts, NULL)) != -1) {
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[NI_MAXHOST];
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[NI_MAXSERV];
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:126:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
procFile = fopen(cmdline_path, "r");
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:467:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/fence-agents-4.6.0/agents/kdump/options.h:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[FENCE_KDUMP_NAME_LEN];
data/fence-agents-4.6.0/agents/kdump/options.h:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[FENCE_KDUMP_ADDR_LEN];
data/fence-agents-4.6.0/agents/kdump/options.h:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[FENCE_KDUMP_PORT_LEN];
data/fence-agents-4.6.0/agents/kdump/options.h:163:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts->ipport = atoi (arg);
data/fence-agents-4.6.0/agents/kdump/options.h:206:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts->count = atoi (arg);
data/fence-agents-4.6.0/agents/kdump/options.h:217:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts->interval = atoi (arg);
data/fence-agents-4.6.0/agents/kdump/options.h:228:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts->timeout = atoi (arg);
data/fence-agents-4.6.0/agents/kdump/options.h:240:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts->verbose = atoi (arg);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:93:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char iucvprog[9] = "DMSRSRQU\0";
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:107:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&siucv_addr.siucv_user_id,zvm->smapiSrv,strlen(zvm->smapiSrv));
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:108:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&siucv_addr.siucv_name,&iucvprog,8);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:109:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&siucv_addr.siucv_nodeid,zvm->node,strlen(zvm->node));
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[13];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char failArray[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:165:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inPlist->target, zvm->target, inPlist->lTarget);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[16];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:217:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char forceTime[5];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char failArray[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inPlist->target, zvm->target, inPlist->lTarget);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:293:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[14];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:305:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char failArray[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:326:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inPlist->target, zvm->target, inPlist->lTarget);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[18];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:373:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:379:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameArray[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:400:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inPlist->target, zvm->target, inPlist->lTarget);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:553:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:556:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[64];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:559:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fName, inParm->fName, inParm->lFName);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024],
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:732:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->smapiSrv, arg, lSrvName);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:748:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->node, arg, lSrvNode);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:786:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->target, optarg, lTarget);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:809:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->smapiSrv, optarg, lSrvName);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:831:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->node, optarg, lSrvNode);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array[0]; /* Start of array output */
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char share[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char share[5];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpuArray[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:526:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpuStruct[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:532:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpuId[16];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devArray[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:547:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devStruct[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:566:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[9];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:567:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authUser[9];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:568:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authPass[9];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[9];
data/fence-agents-4.6.0/agents/zvm/fence_zvm.h:570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smapiSrv[128];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[13];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userId[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char failArray[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:176:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(authUser->userId, zvm->authUser, strlen(zvm->authUser));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:178:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(authPass->password, zvm->authPass, strlen(zvm->authPass));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[16];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userId[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char forceTime[5];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char failArray[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:277:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(authUser->userId, zvm->authUser, strlen(zvm->authUser));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:279:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(authPass->password, zvm->authPass, strlen(zvm->authPass));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:281:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(image->target, zvm->target, strlen(zvm->target));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[14];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:331:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userId[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:339:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char failArray[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:374:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(authUser->userId, zvm->authUser, strlen(zvm->authUser));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:376:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(authPass->password, zvm->authPass, strlen(zvm->authPass));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:378:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(image->target, zvm->target, strlen(zvm->target));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[18];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:425:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:431:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameArray[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:452:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inPlist->target, zvm->target, inPlist->lTarget);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:606:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[0];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:609:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fName[64];
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:612:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fName, inParm->fName, inParm->lFName);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:658:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024],
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:706:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->smapiSrv, arg, lSrvName);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:710:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->authUser, arg, lSrvName);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:714:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->authPass, arg, lSrvName);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:755:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->smapiSrv, optarg, lSrvName);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:759:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->target, optarg, lTarget);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:782:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->authPass, optarg, lSrvName);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:786:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zvm->authUser, optarg, lSrvName);
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:67:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:79:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (str, p, strlen (p) + 1);
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:81:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen (str));
data/fence-agents-4.6.0/agents/kdump/fence_kdump.c:355:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (node->name, opts->nodename, sizeof (node->name) - 1);
data/fence-agents-4.6.0/agents/kdump/fence_kdump_send.c:119:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (node->name, opts->nodename, sizeof (node->name) - 1);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:107:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&siucv_addr.siucv_user_id,zvm->smapiSrv,strlen(zvm->smapiSrv));
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:109:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&siucv_addr.siucv_nodeid,zvm->node,strlen(zvm->node));
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:157:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lInPlist = sizeof(*inPlist) + strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:164:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inPlist->lTarget = strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:238:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lInPlist = sizeof(*inPlist) + strlen(zvm->target) + sizeof(*deactTime);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:244:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
deactTime = (void *) ((intptr_t) inPlist + sizeof(*inPlist) + strlen(zvm->target));
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:248:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inPlist->lTarget = strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:318:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lInPlist = sizeof(*inPlist) + strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:325:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inPlist->lTarget = strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:392:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lInPlist = sizeof(*inPlist) + strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:399:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inPlist->lTarget = strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:580:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:592:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(str, p, strlen (p) + 1);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:594:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen (str));
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:731:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv));
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:735:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lTarget = MIN(strlen(arg), sizeof(zvm->target)-1);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:736:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zvm->target, arg, lTarget);
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:747:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lSrvNode = MIN(strlen(arg), sizeof(zvm->node));
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:785:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lTarget = MIN(strlen(optarg), sizeof(zvm->target));
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:808:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lSrvName = MIN(strlen(optarg), sizeof(zvm->smapiSrv));
data/fence-agents-4.6.0/agents/zvm/fence_zvm.c:830:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lSrvNode = MIN(strlen(optarg), sizeof(zvm->node));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:162:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lInPlist = sizeof(*inPlist) + sizeof(*authUser) + strlen(zvm->authUser) +
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:163:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(*authPass) + strlen(zvm->authPass) + sizeof(*image) +
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:164:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:169:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(zvm->authUser));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:171:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(zvm->authPass));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:175:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
authUser->lAuthUser = strlen(zvm->authUser);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:176:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(authUser->userId, zvm->authUser, strlen(zvm->authUser));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:177:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
authPass->lAuthPass = strlen(zvm->authPass);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:178:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(authPass->password, zvm->authPass, strlen(zvm->authPass));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:179:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
image->lTarget = strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:180:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(image->target, zvm->target, strlen(zvm->target));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:180:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(image->target, zvm->target, strlen(zvm->target));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:261:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lInPlist = sizeof(*inPlist) + sizeof(*authUser) + strlen(zvm->authUser) +
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:262:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(*authPass) + strlen(zvm->authPass) + sizeof(*image) +
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:263:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(*deactTime) + strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:268:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(zvm->authUser));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:270:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(zvm->authPass));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:272:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(zvm->target));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:276:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
authUser->lAuthUser = strlen(zvm->authUser);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:277:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(authUser->userId, zvm->authUser, strlen(zvm->authUser));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:278:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
authPass->lAuthPass = strlen(zvm->authPass);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:279:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(authPass->password, zvm->authPass, strlen(zvm->authPass));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:280:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
image->lTarget = strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:281:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(image->target, zvm->target, strlen(zvm->target));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:360:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lInPlist = sizeof(*inPlist) + sizeof(*authUser) + strlen(zvm->authUser) +
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:361:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(*authPass) + strlen(zvm->authPass) + sizeof(*image) +
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:362:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:367:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(zvm->authUser));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:369:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(zvm->authPass));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:373:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
authUser->lAuthUser = strlen(zvm->authUser);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:374:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(authUser->userId, zvm->authUser, strlen(zvm->authUser));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:375:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
authPass->lAuthPass = strlen(zvm->authPass);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:376:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(authPass->password, zvm->authPass, strlen(zvm->authPass));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:377:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
image->lTarget = strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:378:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(image->target, zvm->target, strlen(zvm->target));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:444:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lInPlist = sizeof(*inPlist) + strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:451:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inPlist->lTarget = strlen(zvm->target);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:633:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:645:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(str, p, strlen (p) + 1);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:647:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen (str));
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:705:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv)-1);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:709:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lSrvName = MIN(strlen(arg), sizeof(zvm->authUser)-1);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:713:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lSrvName = MIN(strlen(arg), sizeof(zvm->authPass)-1);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:717:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lTarget = MIN(strlen(arg), sizeof(zvm->target)-1);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:718:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zvm->target, arg, lTarget);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:754:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lSrvName = MIN(strlen(optarg), sizeof(zvm->smapiSrv)-1);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:758:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lTarget = MIN(strlen(optarg), sizeof(zvm->target)-1);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:781:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lSrvName = MIN(strlen(optarg), 8);
data/fence-agents-4.6.0/agents/zvm/fence_zvmip.c:785:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lSrvName = MIN(strlen(optarg), 8);
ANALYSIS SUMMARY:
Hits = 179
Lines analyzed = 4246 in approximately 0.21 seconds (19812 lines/second)
Physical Source Lines of Code (SLOC) = 3175
Hits@level = [0] 271 [1] 75 [2] 94 [3] 4 [4] 6 [5] 0
Hits@level+ = [0+] 450 [1+] 179 [2+] 104 [3+] 10 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 141.732 [1+] 56.378 [2+] 32.7559 [3+] 3.14961 [4+] 1.88976 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.