Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gadmin-proftpd-0.4.2/src/widgets.c
Examining data/gadmin-proftpd-0.4.2/src/make_settings_buttons.c
Examining data/gadmin-proftpd-0.4.2/src/populate_conf_tab.c
Examining data/gadmin-proftpd-0.4.2/src/create_import_window.h
Examining data/gadmin-proftpd-0.4.2/src/create_server_tab.h
Examining data/gadmin-proftpd-0.4.2/src/apply_server_settings.c
Examining data/gadmin-proftpd-0.4.2/src/functions.h
Examining data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.h
Examining data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.h
Examining data/gadmin-proftpd-0.4.2/src/widgets.h
Examining data/gadmin-proftpd-0.4.2/src/file_chooser.c
Examining data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.c
Examining data/gadmin-proftpd-0.4.2/src/delete_server.h
Examining data/gadmin-proftpd-0.4.2/src/commands.c
Examining data/gadmin-proftpd-0.4.2/src/populate_gadmin_proftpd.c
Examining data/gadmin-proftpd-0.4.2/src/shutdown_ok_clicked.h
Examining data/gadmin-proftpd-0.4.2/src/osx_functions.c
Examining data/gadmin-proftpd-0.4.2/src/system_defines.h
Examining data/gadmin-proftpd-0.4.2/src/status_update.h
Examining data/gadmin-proftpd-0.4.2/src/clear_file_tab.c
Examining data/gadmin-proftpd-0.4.2/src/add_server.h
Examining data/gadmin-proftpd-0.4.2/src/create_security_tab.c
Examining data/gadmin-proftpd-0.4.2/src/delete_user.c
Examining data/gadmin-proftpd-0.4.2/src/chars_are_digits.c
Examining data/gadmin-proftpd-0.4.2/src/status_update.c
Examining data/gadmin-proftpd-0.4.2/src/make_settings_spinbuttons.c
Examining data/gadmin-proftpd-0.4.2/src/create_server_tab.c
Examining data/gadmin-proftpd-0.4.2/src/make_settings_entries.h
Examining data/gadmin-proftpd-0.4.2/src/make_settings_combos.c
Examining data/gadmin-proftpd-0.4.2/src/create_user_settings.h
Examining data/gadmin-proftpd-0.4.2/src/create_disc_tab.h
Examining data/gadmin-proftpd-0.4.2/src/create_transfer_tab.h
Examining data/gadmin-proftpd-0.4.2/src/make_settings_hseparators.h
Examining data/gadmin-proftpd-0.4.2/src/create_transfer_tab.c
Examining data/gadmin-proftpd-0.4.2/src/credits_window.h
Examining data/gadmin-proftpd-0.4.2/src/show_shutdown.h
Examining data/gadmin-proftpd-0.4.2/src/functions.c
Examining data/gadmin-proftpd-0.4.2/src/select_first_user.h
Examining data/gadmin-proftpd-0.4.2/src/create_conf_tab.c
Examining data/gadmin-proftpd-0.4.2/src/populate_servers.h
Examining data/gadmin-proftpd-0.4.2/src/create_main_window.h
Examining data/gadmin-proftpd-0.4.2/src/make_settings_combos.h
Examining data/gadmin-proftpd-0.4.2/src/create_conf_tab.h
Examining data/gadmin-proftpd-0.4.2/src/populate_shell_combo.c
Examining data/gadmin-proftpd-0.4.2/src/select_first_user.c
Examining data/gadmin-proftpd-0.4.2/src/populate_disc_tab.h
Examining data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c
Examining data/gadmin-proftpd-0.4.2/src/chars_are_digits.h
Examining data/gadmin-proftpd-0.4.2/src/create_user_tab.h
Examining data/gadmin-proftpd-0.4.2/src/clear_security_tab.h
Examining data/gadmin-proftpd-0.4.2/src/populate_security_tab.c
Examining data/gadmin-proftpd-0.4.2/src/create_security_tab.h
Examining data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.h
Examining data/gadmin-proftpd-0.4.2/src/deactivate_button_clicked.h
Examining data/gadmin-proftpd-0.4.2/src/populate_server_settings.c
Examining data/gadmin-proftpd-0.4.2/src/create_user_settings.c
Examining data/gadmin-proftpd-0.4.2/src/populate_shell_combo.h
Examining data/gadmin-proftpd-0.4.2/src/shutdown_ok_clicked.c
Examining data/gadmin-proftpd-0.4.2/src/populate_security_tab.h
Examining data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c
Examining data/gadmin-proftpd-0.4.2/src/populate_server_settings.h
Examining data/gadmin-proftpd-0.4.2/src/populate_file_tab.c
Examining data/gadmin-proftpd-0.4.2/src/import_functions.h
Examining data/gadmin-proftpd-0.4.2/src/server_treeview_row_clicked.h
Examining data/gadmin-proftpd-0.4.2/src/populate_users.c
Examining data/gadmin-proftpd-0.4.2/src/populate_servers.c
Examining data/gadmin-proftpd-0.4.2/src/populate_users.h
Examining data/gadmin-proftpd-0.4.2/src/save_conf_tab.c
Examining data/gadmin-proftpd-0.4.2/src/save_conf_tab.h
Examining data/gadmin-proftpd-0.4.2/src/allocate.h
Examining data/gadmin-proftpd-0.4.2/src/support.h
Examining data/gadmin-proftpd-0.4.2/src/make_settings_progressbars.c
Examining data/gadmin-proftpd-0.4.2/src/select_first_server.h
Examining data/gadmin-proftpd-0.4.2/src/make_settings_checkbuttons.c
Examining data/gadmin-proftpd-0.4.2/src/generate_cert.h
Examining data/gadmin-proftpd-0.4.2/src/gettext.h
Examining data/gadmin-proftpd-0.4.2/src/make_settings_entries.c
Examining data/gadmin-proftpd-0.4.2/src/add_server.c
Examining data/gadmin-proftpd-0.4.2/src/apply_server_settings.h
Examining data/gadmin-proftpd-0.4.2/src/apply_button_clicked.h
Examining data/gadmin-proftpd-0.4.2/src/show_info.h
Examining data/gadmin-proftpd-0.4.2/src/standard_conf.h
Examining data/gadmin-proftpd-0.4.2/src/select_first_server.c
Examining data/gadmin-proftpd-0.4.2/src/make_settings_labels.h
Examining data/gadmin-proftpd-0.4.2/src/make_settings_checkbuttons.h
Examining data/gadmin-proftpd-0.4.2/src/apply_user.c
Examining data/gadmin-proftpd-0.4.2/src/make_settings_buttons.h
Examining data/gadmin-proftpd-0.4.2/src/clear_file_tab.h
Examining data/gadmin-proftpd-0.4.2/src/support.c
Examining data/gadmin-proftpd-0.4.2/src/populate_file_tab.h
Examining data/gadmin-proftpd-0.4.2/src/add_user.c
Examining data/gadmin-proftpd-0.4.2/src/delete_user.h
Examining data/gadmin-proftpd-0.4.2/src/clear_security_tab.c
Examining data/gadmin-proftpd-0.4.2/src/add_standard_users.c
Examining data/gadmin-proftpd-0.4.2/src/allocate.c
Examining data/gadmin-proftpd-0.4.2/src/generate_cert.c
Examining data/gadmin-proftpd-0.4.2/src/populate_conf_tab.h
Examining data/gadmin-proftpd-0.4.2/src/create_server_settings.c
Examining data/gadmin-proftpd-0.4.2/src/populate_user_settings.h
Examining data/gadmin-proftpd-0.4.2/src/create_del_system_user_question.h
Examining data/gadmin-proftpd-0.4.2/src/server_treeview_row_clicked.c
Examining data/gadmin-proftpd-0.4.2/src/activate_button_clicked.c
Examining data/gadmin-proftpd-0.4.2/src/set_version.h
Examining data/gadmin-proftpd-0.4.2/src/create_file_tab.h
Examining data/gadmin-proftpd-0.4.2/src/create_server_settings.h
Examining data/gadmin-proftpd-0.4.2/src/user_treeview_row_clicked.h
Examining data/gadmin-proftpd-0.4.2/src/add_standard_users.h
Examining data/gadmin-proftpd-0.4.2/src/create_disc_tab.c
Examining data/gadmin-proftpd-0.4.2/src/import_functions.c
Examining data/gadmin-proftpd-0.4.2/src/create_del_system_user_question.c
Examining data/gadmin-proftpd-0.4.2/src/populate_gadmin_proftpd.h
Examining data/gadmin-proftpd-0.4.2/src/delete_server.c
Examining data/gadmin-proftpd-0.4.2/src/kick_button_clicked.h
Examining data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c
Examining data/gadmin-proftpd-0.4.2/src/deactivate_button_clicked.c
Examining data/gadmin-proftpd-0.4.2/src/make_settings_hseparators.c
Examining data/gadmin-proftpd-0.4.2/src/apply_user.h
Examining data/gadmin-proftpd-0.4.2/src/reread_conf.h
Examining data/gadmin-proftpd-0.4.2/src/commands.h
Examining data/gadmin-proftpd-0.4.2/src/make_settings_spinbuttons.h
Examining data/gadmin-proftpd-0.4.2/src/get_option_pos.c
Examining data/gadmin-proftpd-0.4.2/src/apply_button_clicked.c
Examining data/gadmin-proftpd-0.4.2/src/add_user.h
Examining data/gadmin-proftpd-0.4.2/src/set_version.c
Examining data/gadmin-proftpd-0.4.2/src/file_chooser.h
Examining data/gadmin-proftpd-0.4.2/src/create_file_tab.c
Examining data/gadmin-proftpd-0.4.2/src/populate_user_settings.c
Examining data/gadmin-proftpd-0.4.2/src/create_import_window.c
Examining data/gadmin-proftpd-0.4.2/src/commented.h
Examining data/gadmin-proftpd-0.4.2/src/activate_button_clicked.h
Examining data/gadmin-proftpd-0.4.2/src/make_settings_labels.c
Examining data/gadmin-proftpd-0.4.2/src/credits_window.c
Examining data/gadmin-proftpd-0.4.2/src/user_treeview_row_clicked.c
Examining data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c
Examining data/gadmin-proftpd-0.4.2/src/commented.c
Examining data/gadmin-proftpd-0.4.2/src/get_option_pos.h
Examining data/gadmin-proftpd-0.4.2/src/make_settings_progressbars.h
Examining data/gadmin-proftpd-0.4.2/src/create_user_tab.c
Examining data/gadmin-proftpd-0.4.2/src/reread_conf.c
Examining data/gadmin-proftpd-0.4.2/src/system_defines.c
Examining data/gadmin-proftpd-0.4.2/src/show_shutdown.c
Examining data/gadmin-proftpd-0.4.2/src/show_help.h
Examining data/gadmin-proftpd-0.4.2/src/gprostats.c
Examining data/gadmin-proftpd-0.4.2/src/create_main_window.c
Examining data/gadmin-proftpd-0.4.2/src/show_info.c
Examining data/gadmin-proftpd-0.4.2/src/show_help.c
Examining data/gadmin-proftpd-0.4.2/src/standard_conf.c
FINAL RESULTS:
data/gadmin-proftpd-0.4.2/src/add_user.c:544:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, homedir);
data/gadmin-proftpd-0.4.2/src/add_user.c:547:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, username);
data/gadmin-proftpd-0.4.2/src/add_user.c:549:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, group);
data/gadmin-proftpd-0.4.2/src/add_user.c:560:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, max_logins);
data/gadmin-proftpd-0.4.2/src/add_user.c:576:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, username);
data/gadmin-proftpd-0.4.2/src/add_user.c:578:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, fr);
data/gadmin-proftpd-0.4.2/src/add_user.c:580:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, frc);
data/gadmin-proftpd-0.4.2/src/add_user.c:582:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, br);
data/gadmin-proftpd-0.4.2/src/add_user.c:584:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, brc);
data/gadmin-proftpd-0.4.2/src/add_user.c:600:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, login_from);
data/gadmin-proftpd-0.4.2/src/add_user.c:640:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "<VirtualHost %s>\n", global_server_address);
data/gadmin-proftpd-0.4.2/src/add_user.c:646:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(port_buffer, "Port %s\n", global_server_port);
data/gadmin-proftpd-0.4.2/src/add_user.c:652:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, line);
data/gadmin-proftpd-0.4.2/src/add_user.c:660:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, line);
data/gadmin-proftpd-0.4.2/src/add_user.c:685:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, username);
data/gadmin-proftpd-0.4.2/src/add_user.c:692:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, line);
data/gadmin-proftpd-0.4.2/src/add_user.c:697:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, user_profile);
data/gadmin-proftpd-0.4.2/src/add_user.c:707:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, user_profile);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:171:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "<VirtualHost %s>\n", global_server_address);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:173:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(port_buffer, "Port %s\n", global_server_port);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:261:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:264:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:269:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "ServerName \"%s\"\n", server_name);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:270:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:277:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "ServerIdent on \"%s\"\n", server_ident);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:279:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "ServerIdent off \"%s\"\n", server_ident);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:281:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:288:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "MasqueradeAddress %s\n", masquerade_address);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:291:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "#MasqueradeAddress %s\n", masquerade_address);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:295:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:300:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "ServerAdmin %s\n", admin_email);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:301:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:306:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "Port %s\n", server_port);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:307:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:312:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "PassivePorts %s %s\n", passive_port_1, passive_port_2);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:313:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:318:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "MaxInstances %s\n", max_connect);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:319:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:324:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TimeoutNoTransfer %s\n", idle_timeout);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:325:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:330:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TimeoutIdle %s\n", idle_timeout);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:331:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:343:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:354:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:359:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TransferRate RETR %s\n", download_bandwidth);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:360:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:365:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TransferRate STOR %s\n", upload_bandwidth);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:366:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:371:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TransferRate STOU %s\n", upload_bandwidth);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:372:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:377:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TransferRate APPE %s\n", upload_bandwidth);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:378:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:389:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:400:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:411:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:416:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "User %s\n", server_user);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:417:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:422:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "Group %s\n", server_group);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:423:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:430:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "DirFakeUser on %s\n", fake_username);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:432:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "DirFakeUser off %s\n", fake_username);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:434:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:441:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "DirFakeGroup on %s\n", fake_groupname);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:443:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "DirFakeGroup off %s\n", fake_groupname);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:445:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:456:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:467:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:472:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "MaxLoginAttempts %s\n", max_login_attempts);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:473:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:478:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TimeoutLogin %s\n", login_timeout);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:479:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:490:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:495:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "SystemLog %s\n", systemlog);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:496:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:508:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:527:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:538:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:543:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TLSProtocol %s\n", tls_protocols);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:544:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:549:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TLSLog %s\n", tls_logfile);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:550:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:563:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:574:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:577:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer); /* Gather all other values */
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:664:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, address_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:665:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, port_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:673:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, temp_server);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:674:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:679:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:721:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:725:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:731:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "ServerName \"%s\"\n", server_name);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:732:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:739:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "ServerIdent on \"%s\"\n", server_ident);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:741:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "ServerIdent off \"%s\"\n", server_ident);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:743:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:750:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "MasqueradeAddress %s\n", masquerade_address);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:753:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "#MasqueradeAddress %s\n", masquerade_address);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:757:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:762:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "ServerAdmin %s\n", admin_email);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:763:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:768:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "PassivePorts %s %s\n", passive_port_1, passive_port_2);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:769:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:774:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "MaxInstances %s\n", max_connect);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:775:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:780:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TimeoutNoTransfer %s\n", idle_timeout);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:781:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:786:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TimeoutIdle %s\n", idle_timeout);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:787:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:799:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:810:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:815:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TransferRate RETR %s\n", download_bandwidth);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:816:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:821:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TransferRate STOR %s\n", upload_bandwidth);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:822:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:827:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TransferRate STOU %s\n", upload_bandwidth);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:828:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:833:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TransferRate APPE %s\n", upload_bandwidth);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:834:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:845:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:856:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:867:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:872:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "User %s\n", server_user);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:873:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:878:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "Group %s\n", server_group);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:879:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:886:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "DirFakeUser on %s\n", fake_username);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:888:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "DirFakeUser off %s\n", fake_username);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:890:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:897:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "DirFakeGroup on %s\n", fake_groupname);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:899:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "DirFakeGroup off %s\n", fake_groupname);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:901:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:912:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:923:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:928:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "MaxLoginAttempts %s\n", max_login_attempts);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:929:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:934:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TimeoutLogin %s\n", login_timeout);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:935:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:946:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:951:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "SystemLog %s\n", systemlog);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:952:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:964:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:983:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:994:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:1009:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conf_line, "TLSLog %s\n", tls_logfile);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:1010:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:1022:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:1033:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, conf_line);
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:1036:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer); /* Gather all other values */
data/gadmin-proftpd-0.4.2/src/apply_user.c:85:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "<VirtualHost %s>\n", global_server_address);
data/gadmin-proftpd-0.4.2/src/apply_user.c:89:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(port_buffer, "Port %s\n", global_server_port);
data/gadmin-proftpd-0.4.2/src/apply_user.c:261:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, username);
data/gadmin-proftpd-0.4.2/src/apply_user.c:266:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, groupname);
data/gadmin-proftpd-0.4.2/src/apply_user.c:277:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, max_logins);
data/gadmin-proftpd-0.4.2/src/apply_user.c:295:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, username);
data/gadmin-proftpd-0.4.2/src/apply_user.c:297:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, fr);
data/gadmin-proftpd-0.4.2/src/apply_user.c:299:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, frc);
data/gadmin-proftpd-0.4.2/src/apply_user.c:301:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, br);
data/gadmin-proftpd-0.4.2/src/apply_user.c:303:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, brc);
data/gadmin-proftpd-0.4.2/src/apply_user.c:319:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, login_from);
data/gadmin-proftpd-0.4.2/src/apply_user.c:350:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "<VirtualHost %s>\n", global_server_address);
data/gadmin-proftpd-0.4.2/src/apply_user.c:352:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(address_buffer, global_server_address);
data/gadmin-proftpd-0.4.2/src/apply_user.c:354:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(port_buffer, "Port %s\n", global_server_port);
data/gadmin-proftpd-0.4.2/src/apply_user.c:378:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, line);
data/gadmin-proftpd-0.4.2/src/apply_user.c:385:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, line);
data/gadmin-proftpd-0.4.2/src/apply_user.c:415:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, line);
data/gadmin-proftpd-0.4.2/src/apply_user.c:425:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, user_profile);
data/gadmin-proftpd-0.4.2/src/apply_user.c:450:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, new_buffer);
data/gadmin-proftpd-0.4.2/src/apply_user.c:453:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, line);
data/gadmin-proftpd-0.4.2/src/apply_user.c:459:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, line);
data/gadmin-proftpd-0.4.2/src/apply_user.c:532:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s", temp_user);
data/gadmin-proftpd-0.4.2/src/apply_user.c:538:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, line);
data/gadmin-proftpd-0.4.2/src/clear_security_tab.c:99:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffy, old_buffy);
data/gadmin-proftpd-0.4.2/src/commands.c:47:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(command, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/commands.c:57:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(info, line);
data/gadmin-proftpd-0.4.2/src/commands.c:72:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(command, "w"))==NULL)
data/gadmin-proftpd-0.4.2/src/commands.c:161:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(included_options, line);
data/gadmin-proftpd-0.4.2/src/commands.c:205:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(includes, line);
data/gadmin-proftpd-0.4.2/src/commands.c:223:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(includes, sub_includes);
data/gadmin-proftpd-0.4.2/src/commands.c:352:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(cmd,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/create_file_tab.c:50:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(cmd, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/create_file_tab.c:71:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(cmd, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/create_import_window.c:237:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_buffer, old_buffer);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:89:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, pam_module_off);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:90:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, line);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:93:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, line);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:152:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, directives);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:153:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, line);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:156:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, line);
data/gadmin-proftpd-0.4.2/src/delete_server.c:62:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "<VirtualHost %s>\n", global_server_address);
data/gadmin-proftpd-0.4.2/src/delete_server.c:71:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(port_buffer, "Port %s\n", global_server_port);
data/gadmin-proftpd-0.4.2/src/delete_server.c:121:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp_vhost, old_buffer);
data/gadmin-proftpd-0.4.2/src/delete_server.c:127:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp_vhost, old_buffer);
data/gadmin-proftpd-0.4.2/src/delete_server.c:140:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp_vhost, old_buffer);
data/gadmin-proftpd-0.4.2/src/delete_server.c:151:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, temp_vhost);
data/gadmin-proftpd-0.4.2/src/delete_server.c:156:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/delete_user.c:110:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(UserUsername, username);
data/gadmin-proftpd-0.4.2/src/delete_user.c:116:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(AllowuserName, username);
data/gadmin-proftpd-0.4.2/src/delete_user.c:132:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "<VirtualHost %s>", global_server_address);
data/gadmin-proftpd-0.4.2/src/delete_user.c:134:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(address_buffer, global_server_address);
data/gadmin-proftpd-0.4.2/src/delete_user.c:136:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(port_buffer, "Port %s", global_server_port);
data/gadmin-proftpd-0.4.2/src/delete_user.c:151:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/delete_user.c:166:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/delete_user.c:170:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/delete_user.c:177:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/delete_user.c:217:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(user_settings, old_buffer);
data/gadmin-proftpd-0.4.2/src/delete_user.c:222:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_settings, old_buffer);
data/gadmin-proftpd-0.4.2/src/delete_user.c:234:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, user_settings);
data/gadmin-proftpd-0.4.2/src/delete_user.c:242:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(config, old_buffer);
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:394:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_profile, dir);
data/gadmin-proftpd-0.4.2/src/functions.c:75:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newbuf, "%s", buf);
data/gadmin-proftpd-0.4.2/src/functions.c:119:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempname, "%s", check_buffer);
data/gadmin-proftpd-0.4.2/src/functions.c:157:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempname, "%s", check_buffer);
data/gadmin-proftpd-0.4.2/src/functions.c:207:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempname, "%s", check_buffer);
data/gadmin-proftpd-0.4.2/src/functions.c:242:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempname, "%s", check_buffer);
data/gadmin-proftpd-0.4.2/src/functions.c:548:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, user_line);
data/gadmin-proftpd-0.4.2/src/functions.c:551:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, line);
data/gadmin-proftpd-0.4.2/src/functions.c:639:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, line);
data/gadmin-proftpd-0.4.2/src/functions.c:684:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(user_pass, "echo %s:%s | chpasswd", username, password);
data/gadmin-proftpd-0.4.2/src/functions.c:689:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(user_pass, "echo %s:%s | chpass", username, password);
data/gadmin-proftpd-0.4.2/src/functions.c:696:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(user_pass, "echo passwd/username %s:%s", username, password);
data/gadmin-proftpd-0.4.2/src/functions.c:705:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(user_pass, "usermod -p '%s' %s", encrypted_pass, username);
data/gadmin-proftpd-0.4.2/src/functions.c:709:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(user_pass, "pw usermod -p '%s' %s", encrypted_pass, username);
data/gadmin-proftpd-0.4.2/src/functions.c:713:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(user_pass, "echo manually change the password: passwd/username '%s' %s", encrypted_pass, username);
data/gadmin-proftpd-0.4.2/src/functions.c:720:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(user_pass,"w"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:761:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rnd_string, arr[where]);
data/gadmin-proftpd-0.4.2/src/functions.c:767:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(salt, "$1$%s$", rnd_string);
data/gadmin-proftpd-0.4.2/src/functions.c:770:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(salt, "%s", &rnd_string[6]);
data/gadmin-proftpd-0.4.2/src/functions.c:775:12: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
return crypt(password, salt);
data/gadmin-proftpd-0.4.2/src/functions.c:803:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%s", user_buffer);
data/gadmin-proftpd-0.4.2/src/functions.c:881:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, old_buffer);
data/gadmin-proftpd-0.4.2/src/functions.c:934:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, old_buffer);
data/gadmin-proftpd-0.4.2/src/functions.c:937:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, old_buffer);
data/gadmin-proftpd-0.4.2/src/functions.c:1099:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rnd_string, u_arr[where]);
data/gadmin-proftpd-0.4.2/src/functions.c:1110:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rnd_string, l_arr[where]);
data/gadmin-proftpd-0.4.2/src/functions.c:1127:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rnd_string, u_arr[where]);
data/gadmin-proftpd-0.4.2/src/functions.c:1132:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rnd_string, l_arr[where]);
data/gadmin-proftpd-0.4.2/src/functions.c:1145:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(command, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:326:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(cmd, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/gprostats.c:116:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conf, PROFTPD_CONF);
data/gadmin-proftpd-0.4.2/src/gprostats.c:117:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xferlog, XFER_LOG);
data/gadmin-proftpd-0.4.2/src/gprostats.c:164:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conf, argv[x+1]);
data/gadmin-proftpd-0.4.2/src/gprostats.c:171:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xferlog, argv[x+1]);
data/gadmin-proftpd-0.4.2/src/gprostats.c:177:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(welcome_name, argv[x+1]);
data/gadmin-proftpd-0.4.2/src/gprostats.c:183:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(html, argv[x+1]);
data/gadmin-proftpd-0.4.2/src/gprostats.c:274:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", user);
data/gadmin-proftpd-0.4.2/src/gprostats.c:361:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %s", user);
data/gadmin-proftpd-0.4.2/src/gprostats.c:369:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %*s %*s %*s %*s %*s %*s %s", temp);
data/gadmin-proftpd-0.4.2/src/gprostats.c:374:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %s", action);
data/gadmin-proftpd-0.4.2/src/gprostats.c:377:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %*s %*s %*s %*s %*s %*s %*s %s", file);
data/gadmin-proftpd-0.4.2/src/gprostats.c:408:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(welcome, server_name);
data/gadmin-proftpd-0.4.2/src/gprostats.c:418:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(welcome, datestamp);
data/gadmin-proftpd-0.4.2/src/gprostats.c:445:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(html_welcome, server_name);
data/gadmin-proftpd-0.4.2/src/gprostats.c:449:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(html_welcome, datestamp);
data/gadmin-proftpd-0.4.2/src/gprostats.c:512:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(welcome, userlist[top_ul].user);
data/gadmin-proftpd-0.4.2/src/gprostats.c:516:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(welcome, convert);
data/gadmin-proftpd-0.4.2/src/gprostats.c:523:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(html_welcome, userlist[top_ul].user);
data/gadmin-proftpd-0.4.2/src/gprostats.c:527:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(html_welcome, convert);
data/gadmin-proftpd-0.4.2/src/gprostats.c:541:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(welcome1, userlist[top_dl].user);
data/gadmin-proftpd-0.4.2/src/gprostats.c:544:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(welcome1, convert);
data/gadmin-proftpd-0.4.2/src/gprostats.c:551:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(html_welcome1, userlist[top_dl].user);
data/gadmin-proftpd-0.4.2/src/gprostats.c:555:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(html_welcome1, convert);
data/gadmin-proftpd-0.4.2/src/gprostats.c:572:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(welcome, welcome1);
data/gadmin-proftpd-0.4.2/src/gprostats.c:578:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen("date", "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/gprostats.c:589:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(welcome, datestamp);
data/gadmin-proftpd-0.4.2/src/gprostats.c:622:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(user_welcome, userlist[row].dir);
data/gadmin-proftpd-0.4.2/src/gprostats.c:625:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_welcome, welcome_name);
data/gadmin-proftpd-0.4.2/src/gprostats.c:648:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(html_welcome, html_welcome1);
data/gadmin-proftpd-0.4.2/src/gprostats.c:654:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(html_welcome, datestamp);
data/gadmin-proftpd-0.4.2/src/import_functions.c:127:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "<VirtualHost %s>\n", global_server_address);
data/gadmin-proftpd-0.4.2/src/import_functions.c:129:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "%s", global_server_address);
data/gadmin-proftpd-0.4.2/src/import_functions.c:131:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(port_buffer, "Port %s\n", global_server_port);
data/gadmin-proftpd-0.4.2/src/import_functions.c:266:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_settings, directory);
data/gadmin-proftpd-0.4.2/src/import_functions.c:269:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_settings, username);
data/gadmin-proftpd-0.4.2/src/import_functions.c:271:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(user_settings, groupname);
data/gadmin-proftpd-0.4.2/src/import_functions.c:334:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, old_buffer);
data/gadmin-proftpd-0.4.2/src/import_functions.c:346:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, old_buffer);
data/gadmin-proftpd-0.4.2/src/import_functions.c:371:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, username);
data/gadmin-proftpd-0.4.2/src/import_functions.c:378:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, old_buffer);
data/gadmin-proftpd-0.4.2/src/import_functions.c:388:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, user_settings);
data/gadmin-proftpd-0.4.2/src/import_functions.c:403:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffer, user_settings);
data/gadmin-proftpd-0.4.2/src/import_functions.c:443:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(import_root_dir, "%s", g_home_dir);
data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.c:62:15: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen("ftpwho -v", "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.c:71:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(get_buffer, "%s %s", kick_pid, kick_name);
data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.c:144:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(kick, "kill -15 %s", kick_pid);
data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.c:145:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
avoid_warnings = system(kick);
data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c:58:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen("ftpwho -v", "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c:70:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(get_buffer, "%s %s", kick_pid, kick_name);
data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c:97:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(kick, "kill -15 %s", kick_pid);
data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c:98:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
avoid_warnings = system(kick);
data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c:106:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(kick, "kill -15 %s", username);
data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c:107:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
avoid_warnings = system(kick);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:45:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(command, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/osx_functions.c:75:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "rm -f /etc/%s", entity);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:103:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/nidump passwd / > %s", GP_OSX_PASS_DUMP);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:131:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tempname, check_buffer);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:164:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/nidump passwd / > %s", GP_OSX_PASS_DUMP);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:227:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tempuid, &buffy[begin]);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:284:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/nidump passwd / > %s", GP_OSX_PASS_DUMP);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:345:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tempgid, &buffy[begin]);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:399:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/niutil -create / /users/%s", username);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:408:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/niutil -createprop / /users/%s realname %s", username, "ftp-user");
data/gadmin-proftpd-0.4.2/src/osx_functions.c:437:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/niutil -createprop / /users/%s gid %li", username, gp_id);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:446:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/niutil -createprop / /users/%s uid %li", username, gp_id);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:455:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/niutil -createprop / /users/%s home %s", username, "/dev/null");
data/gadmin-proftpd-0.4.2/src/osx_functions.c:464:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/niutil -createprop / /users/%s name %s", username, username);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:473:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/niutil -createprop / /users/%s shell %s", username, shell);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:503:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/niutil -destroy / /users/%s", username);
data/gadmin-proftpd-0.4.2/src/osx_functions.c:540:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "/usr/bin/niutil -createprop / /users/%s passwd '%s'", username, encrypted_pass);
data/gadmin-proftpd-0.4.2/src/populate_conf_tab.c:60:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_buffy, old_buffy);
data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c:58:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(DISC_USAGE, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c:67:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buf, "%s %s %s %s %s %s", device, total, used, free, percent, mount);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:138:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", _("uploaded"));
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:141:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", _("downloaded"));
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:144:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", _("deleted"));
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:146:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", _("split filename ?"));
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:76:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "<VirtualHost %s>", global_server_address);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:78:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(address_buffer, global_server_address);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:82:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(port_buffer, "Port %s", global_server_port);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:161:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(new_buffer, &old_buffer[x]);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:207:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:263:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:276:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:287:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:302:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:317:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:331:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:345:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:359:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:373:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:404:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:415:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:426:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:431:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:441:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:446:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:455:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:467:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:487:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(new_buffer, &old_buffer[10]);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:532:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", &old_buffer[12]);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:541:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(new_buffer, &old_buffer[7]);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:612:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:622:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:634:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:653:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:735:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(new_buffer, old_buffer[x]+x, old_buffer+x);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:750:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(new_buffer, old_buffer[x]+x, old_buffer+x);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:765:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(new_buffer, old_buffer[x]+x, old_buffer+x);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:780:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(new_buffer, old_buffer[x]+x, old_buffer+x);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:795:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(new_buffer, old_buffer[x]+x, old_buffer+x);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:810:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(new_buffer, old_buffer[x]+x, old_buffer+x);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:825:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(new_buffer, old_buffer[x]+x, old_buffer+x);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:843:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(new_buffer, old_buffer[x]+x, old_buffer+x);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:861:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(new_buffer, old_buffer[x]+x, old_buffer+x);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:97:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", &line[5]);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:120:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", &line[i]);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:131:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", &line[i]);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:159:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", &line[13]);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:176:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", &line[5]);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:190:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", &line[i]);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:203:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", &line[i]);
data/gadmin-proftpd-0.4.2/src/populate_shell_combo.c:86:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_buffy, old_buffy);
data/gadmin-proftpd-0.4.2/src/populate_shell_combo.c:96:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_buffy, old_buffy);
data/gadmin-proftpd-0.4.2/src/populate_shell_combo.c:124:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_buffy, old_buffy);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:241:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "<VirtualHost %s>\n", global_server_address);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:243:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(address_buffer, global_server_address);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:245:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(port_buffer, "Port %s\n", global_server_port);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:283:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_buffer, line);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:310:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:321:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:328:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:338:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_buffer, line);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:362:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buffer, "%s", &line[x]);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:373:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%*s %s", spinval);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:393:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%*s %*s %s %s %s %s", fr, frc, br, brc);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:439:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_buffer, line);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:456:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_buffer, line);
data/gadmin-proftpd-0.4.2/src/populate_users.c:78:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(address_buffer, "<VirtualHost %s>\n", global_server_address);
data/gadmin-proftpd-0.4.2/src/populate_users.c:80:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(address_buffer, global_server_address);
data/gadmin-proftpd-0.4.2/src/populate_users.c:82:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(port_buffer, "Port %s\n", global_server_port);
data/gadmin-proftpd-0.4.2/src/populate_users.c:164:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_users.c:197:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_users.c:204:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_users.c:224:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(old_buffer, "%*s %s", new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_users.c:260:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_user_name, "%s", (gchar *)user?user:"None");
data/gadmin-proftpd-0.4.2/src/select_first_server.c:63:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_server_address, "%s", (gchar *)address?address:"None");
data/gadmin-proftpd-0.4.2/src/select_first_server.c:64:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_server_port, "%s", (gchar *)port?port:"21");
data/gadmin-proftpd-0.4.2/src/select_first_server.c:65:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_server_type, "%s", (gchar *)type?type:"None");
data/gadmin-proftpd-0.4.2/src/select_first_user.c:53:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_user_name, "%s", (gchar *)user?user:"None");
data/gadmin-proftpd-0.4.2/src/server_treeview_row_clicked.c:70:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_server_address, "%s", address?address:"None");
data/gadmin-proftpd-0.4.2/src/server_treeview_row_clicked.c:71:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_server_port, "%s", port?port:"21");
data/gadmin-proftpd-0.4.2/src/server_treeview_row_clicked.c:72:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_server_type, "%s", type?type:"None");
data/gadmin-proftpd-0.4.2/src/set_version.c:50:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(command, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/shutdown_ok_clicked.c:50:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(shutdown, "r");
data/gadmin-proftpd-0.4.2/src/standard_conf.c:93:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, module_conf);
data/gadmin-proftpd-0.4.2/src/standard_conf.c:98:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_conf, line);
data/gadmin-proftpd-0.4.2/src/standard_conf.c:598:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(conf, line);
data/gadmin-proftpd-0.4.2/src/status_update.c:195:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((fp=popen(cmd, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/status_update.c:235:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s", tmp);
data/gadmin-proftpd-0.4.2/src/status_update.c:242:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%*s %s", tmp);
data/gadmin-proftpd-0.4.2/src/status_update.c:339:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%*s %s", tmp);
data/gadmin-proftpd-0.4.2/src/status_update.c:348:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%*s %s", tmp);
data/gadmin-proftpd-0.4.2/src/user_treeview_row_clicked.c:61:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_user_name, "%s", (gchar *)user?user:"None");
data/gadmin-proftpd-0.4.2/src/functions.c:754:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/gadmin-proftpd-0.4.2/src/functions.c:1090:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/gadmin-proftpd-0.4.2/src/functions.c:1120:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/gadmin-proftpd-0.4.2/src/add_server.c:42:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "a"))==NULL)
data/gadmin-proftpd-0.4.2/src/add_user.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/add_user.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/add_user.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/add_user.c:67:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_version[1024];
data/gadmin-proftpd-0.4.2/src/add_user.c:83:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_PASSWD_BUF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/add_user.c:114:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpnumber = atoi(tmp);
data/gadmin-proftpd-0.4.2/src/add_user.c:309:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_PASSWD_BUF, "a+"))==NULL)
data/gadmin-proftpd-0.4.2/src/add_user.c:324:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_GROUP_BUF, "a+"))==NULL)
data/gadmin-proftpd-0.4.2/src/add_user.c:543:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user_profile, "\n<Anonymous ");
data/gadmin-proftpd-0.4.2/src/add_user.c:545:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, ">\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:546:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "User ");
data/gadmin-proftpd-0.4.2/src/add_user.c:548:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "\nGroup ");
data/gadmin-proftpd-0.4.2/src/add_user.c:554:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "AnonRequirePassword off\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:556:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "AnonRequirePassword on\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:559:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "MaxClients ");
data/gadmin-proftpd-0.4.2/src/add_user.c:561:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " \"");
data/gadmin-proftpd-0.4.2/src/add_user.c:562:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "The server is full, hosting %m users");
data/gadmin-proftpd-0.4.2/src/add_user.c:563:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "\"\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:565:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "DisplayLogin welcome.msg\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:566:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "DisplayChdir .msg\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:575:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "UserRatio ");
data/gadmin-proftpd-0.4.2/src/add_user.c:592:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "<Limit LOGIN>\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:593:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "Allow from all\nDeny from all\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:594:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "</Limit>\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:598:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "<Limit LOGIN>\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:599:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "Allow from ");
data/gadmin-proftpd-0.4.2/src/add_user.c:601:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "\nDeny from all\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:602:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "</Limit>\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:612:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "</Anonymous>\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:625:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/add_user.c:684:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(new_buffer, " AllowUser ");
data/gadmin-proftpd-0.4.2/src/add_user.c:740:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF,"w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:125:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(settings_conf, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:205:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:293:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "#MasqueradeAddress None\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:339:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowStoreRestart on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:341:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowStoreRestart off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:350:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowRetrieveRestart on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:352:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowRetrieveRestart off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:385:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "IdentLookups on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:387:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "IdentLookups off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:396:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "UseReverseDNS on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:398:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "UseReverseDNS off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:407:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "DefaultTransferMode binary\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:409:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "DefaultTransferMode ascii\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:452:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowForeignAddress on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:454:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowForeignAddress off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:463:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TimesGMT on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:465:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TimesGMT off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:486:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "DeleteAbortedStores on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:488:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "DeleteAbortedStores off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:504:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSEngine on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:506:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSEngine off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:516:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSRequired auth+data\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:519:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSRequired off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:522:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSRequired data\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:525:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSRequired ctrl\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:534:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSVerifyClient on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:536:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSVerifyClient off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:559:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "Ratios on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:561:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "Ratios off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:570:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "SaveRatios on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:572:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "SaveRatios off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:597:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:755:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "#MasqueradeAddress None\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:795:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowStoreRestart on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:797:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowStoreRestart off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:806:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowRetrieveRestart on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:808:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowRetrieveRestart off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:841:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "IdentLookups on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:843:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "IdentLookups off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:852:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "UseReverseDNS on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:854:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "UseReverseDNS off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:863:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "DefaultTransferMode binary\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:865:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "DefaultTransferMode ascii\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:908:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowForeignAddress on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:910:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "AllowForeignAddress off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:919:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TimesGMT on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:921:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TimesGMT off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:942:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "DeleteAbortedStores on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:944:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "DeleteAbortedStores off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:960:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSEngine on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:962:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSEngine off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:972:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSRequired auth+data\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:975:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSRequired data\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:978:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSRequired ctrl\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:981:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSRequired off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:990:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSVerifyClient on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:992:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "TLSVerifyClient off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:1018:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "Ratios on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:1020:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "Ratios off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:1029:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "SaveRatios on\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:1031:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conf_line, "SaveRatios off\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:1055:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/apply_user.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/apply_user.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/apply_user.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/apply_user.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_version[1024];
data/gadmin-proftpd-0.4.2/src/apply_user.c:69:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/apply_user.c:260:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "User ");
data/gadmin-proftpd-0.4.2/src/apply_user.c:265:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "Group ");
data/gadmin-proftpd-0.4.2/src/apply_user.c:271:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "AnonRequirePassword off\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:273:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "AnonRequirePassword on\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:276:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "MaxClients ");
data/gadmin-proftpd-0.4.2/src/apply_user.c:278:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " \"");
data/gadmin-proftpd-0.4.2/src/apply_user.c:279:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "The server is full, hosting %m users");
data/gadmin-proftpd-0.4.2/src/apply_user.c:280:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "\"\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:283:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "DisplayLogin welcome.msg\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:284:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "DisplayChdir .msg\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:294:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "UserRatio ");
data/gadmin-proftpd-0.4.2/src/apply_user.c:311:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "<Limit LOGIN>\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:312:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "Allow from all\nDeny from all\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:313:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "</Limit>\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:317:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "<Limit LOGIN>\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:318:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "Allow from ");
data/gadmin-proftpd-0.4.2/src/apply_user.c:320:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "\nDeny from all\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:321:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "</Limit>\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:335:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "#gplockstats\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:338:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "</Anonymous>\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:358:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/apply_user.c:482:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/apply_user.c:499:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_FTPUSERS, "a"))==NULL)
data/gadmin-proftpd-0.4.2/src/apply_user.c:516:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_FTPUSERS, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/apply_user.c:544:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_FTPUSERS, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/clear_file_tab.c:41:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(XFER_LOG, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/clear_security_tab.c:48:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/clear_security_tab.c:80:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(secure_log, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/clear_security_tab.c:104:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(secure_log, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/commands.c:124:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(infile, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/commands.c:140:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(path, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/commands.c:182:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/commands.c:237:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int module_in_include_path(char *path, char module_name[1024])
data/gadmin-proftpd-0.4.2/src/commands.c:237:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int module_in_include_path(char *path, char module_name[1024])
data/gadmin-proftpd-0.4.2/src/commands.c:244:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(path, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/commands.c:279:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int using_included_module(char module_name[1024])
data/gadmin-proftpd-0.4.2/src/commands.c:286:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/commands.c:339:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int using_module(char module_name[1024])
data/gadmin-proftpd-0.4.2/src/commands.c:344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modname_popen[1024]="";
data/gadmin-proftpd-0.4.2/src/commands.h:39:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int using_module(char module_name[1024]);
data/gadmin-proftpd-0.4.2/src/commands.h:40:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int using_included_module(char module_name[1024]);
data/gadmin-proftpd-0.4.2/src/commands.h:41:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int module_in_include_path(char *path, char module_name[1024]);
data/gadmin-proftpd-0.4.2/src/commands.h:41:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int module_in_include_path(char *path, char module_name[1024]);
data/gadmin-proftpd-0.4.2/src/create_import_window.c:216:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_PASSWD_BUF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:58:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:100:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:121:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:163:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/delete_server.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/delete_server.c:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/delete_server.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/delete_server.c:100:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/delete_server.c:171:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/delete_user.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/delete_user.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/delete_user.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/delete_user.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_user_name[1024];
data/gadmin-proftpd-0.4.2/src/delete_user.c:95:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/delete_user.c:109:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(UserUsername, "User ");
data/gadmin-proftpd-0.4.2/src/delete_user.c:115:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(AllowuserName, "AllowUser ");
data/gadmin-proftpd-0.4.2/src/delete_user.c:254:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_version[1024];
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:71:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "AllowOverwrite on\n");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:73:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "AllowOverwrite off\n");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:76:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "<Limit");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:82:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " LIST NLST ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:88:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " STOR STOU ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:94:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " APPE ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:100:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " RETR ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:106:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " RNFR RNTO ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:114:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " DELE ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:120:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " MKD XMKD SITE_MKDIR ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:126:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " RMD XRMD SITE_RMDIR ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:132:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " SITE ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:138:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " SITE_CHMOD ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:144:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " SITE_CHGRP ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:151:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " MTDM ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:158:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " PWD XPWD ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:165:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " SIZE ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:172:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " STAT ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:179:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " CWD XCWD ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:186:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " CDUP XCUP ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:193:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " NOTHING ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:195:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, ">\n AllowAll\n</Limit>\n");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:200:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "<Limit");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:206:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " LIST NLST ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:212:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " STOR STOU ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:218:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " APPE ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:224:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " RETR ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:230:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " RNFR RNTO ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:238:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " DELE ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:244:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " MKD XMKD SITE_MKDIR ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:250:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " RMD XRMD SITE_RMDIR ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:256:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " SITE ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:262:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " SITE_CHMOD ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:268:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " SITE_CHGRP ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:275:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " MTDM ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:282:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " PWD XPWD ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:289:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " SIZE ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:296:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " STAT ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:303:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " CWD XCWD ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:310:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " CDUP XCUP ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:317:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, " NOTHING ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:319:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, ">\n DenyAll\n</Limit>\n");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:393:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "<Directory ");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:395:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, ">\n");
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:399:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_profile, "</Directory>\n");
data/gadmin-proftpd-0.4.2/src/functions.c:96:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempname[4096]="";
data/gadmin-proftpd-0.4.2/src/functions.c:100:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_PASSWD_BUF,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:138:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_SHADOW_BUF,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempname[4096]="";
data/gadmin-proftpd-0.4.2/src/functions.c:189:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_GROUP_BUF,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:224:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(GP_GSHADOW_BUF,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:288:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_PASSWD_BUF,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:393:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_GROUP_BUF,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:489:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_PASSWD_BUF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:559:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_PASSWD_BUF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:580:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_PASSWD_BUF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:647:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_PASSWD_BUF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:744:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[13]=""; /* The total salt length is 12 */
data/gadmin-proftpd-0.4.2/src/functions.c:787:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_FTPUSERS, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:824:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void make_dir_chmod(gchar *directory, char perm[128])
data/gadmin-proftpd-0.4.2/src/functions.c:847:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:891:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:902:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:943:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/functions.c:969:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi((char *)default_username_length);
data/gadmin-proftpd-0.4.2/src/functions.c:1012:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi((char *)default_password_length);
data/gadmin-proftpd-0.4.2/src/functions.c:1142:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
exec_ssl(char *command, char descr[128])
data/gadmin-proftpd-0.4.2/src/functions.c:1142:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
exec_ssl(char *command, char descr[128])
data/gadmin-proftpd-0.4.2/src/functions.h:59:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void exec_ssl(char *command, char descr[128]);
data/gadmin-proftpd-0.4.2/src/functions.h:59:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void exec_ssl(char *command, char descr[128]);
data/gadmin-proftpd-0.4.2/src/functions.h:61:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void make_dir_chmod(gchar *directory, char perm[128]);
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:73:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char global_server_address[1024]="";
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:74:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char global_server_port[1024]="";
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:75:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char global_server_name[1024]="";
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:76:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char global_server_type[1024]="";
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char global_user_name[1024]="";
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:80:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char global_version[1024]="";
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:252:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(settings_conf, "w+")) == NULL)
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:318:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_FTPUSERS, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:360:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen("/etc/pam.d/ftp", "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/generate_cert.c:121:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(openssl_config_path, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/generate_cert.c:143:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(openssl_config_path, "w"))==NULL)
data/gadmin-proftpd-0.4.2/src/generate_cert.c:223:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(passfile, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/generate_cert.c:249:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(passfile, "w"))==NULL)
data/gadmin-proftpd-0.4.2/src/generate_cert.c:278:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(script_path, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/generate_cert.c:325:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(script_path, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/generate_cert.c:364:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(script_path, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/gprostats.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[8192];
data/gadmin-proftpd-0.4.2/src/gprostats.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[8192];
data/gadmin-proftpd-0.4.2/src/gprostats.c:65:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
show_usage(char conf[8192], char xferlog[8192])
data/gadmin-proftpd-0.4.2/src/gprostats.c:65:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
show_usage(char conf[8192], char xferlog[8192])
data/gadmin-proftpd-0.4.2/src/gprostats.c:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conf[8192]="", xferlog[8192]="", html[8192]="", welcome_name[8192]="";
data/gadmin-proftpd-0.4.2/src/gprostats.c:96:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_welcome[16384+20]="";
data/gadmin-proftpd-0.4.2/src/gprostats.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_name[8192]="";
data/gadmin-proftpd-0.4.2/src/gprostats.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char html_welcome[30000]="";
data/gadmin-proftpd-0.4.2/src/gprostats.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char html_welcome1[5000]="";
data/gadmin-proftpd-0.4.2/src/gprostats.c:195:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(conf, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/gprostats.c:315:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(xferlog, "r")) == NULL)
data/gadmin-proftpd-0.4.2/src/gprostats.c:407:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(welcome, "Welcome to ");
data/gadmin-proftpd-0.4.2/src/gprostats.c:409:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, " \%U\n\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:411:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, "You are user \%N out of a maximum of \%M authorized logins.\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:412:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, "Current time is \%T.\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:413:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, "The administrator can be reached here: \%E\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:417:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, "\nStatistics since: ");
data/gadmin-proftpd-0.4.2/src/gprostats.c:420:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, "\n\nTop 10 Uploaders:\n_________________\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:426:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(html_welcome, "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:427:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(html_welcome, "<html><head>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:428:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<meta http-equiv=\"CONTENT-TYPE\" content=\"text/html; charset=iso-8859-15\">\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:429:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<title>GADMIN-PROFTPD statistics</title>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:430:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<meta name=\"GENERATOR\" content=\"OpenOffice.org 641 (Linux)\">\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:431:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<meta name=\"CREATED\" content=\"20030324;20033300\">\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:432:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<meta name=\"CHANGED\" content=\"20030325;11325700\">\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:433:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<meta name=\"KEYWORDS\" content=\"GADMIN-PROFTPD statistics\">\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:434:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<meta name=\"charset\" content=\"ISO-8859-1\">\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:435:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<style>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:436:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "th{ font-size: 24px; }\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:437:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "td{ font-size: 16px; }\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:438:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "td.left{ vertical-align: left; padding-left: 15%; }\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:439:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "td.right{ vertical-align: right; padding-right: 15%; }\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:440:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "</style></head>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:441:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<body lang=\"en-US\" text=\"#DDDDFF\" link=\"#4b6499\" vlink=\"#3b4581\" bgcolor=\"#3c278e\">\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:442:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<table border=5 width=800 align=center>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:443:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<tr>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:444:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<td width=800 colspan=1><font size=5><center>Statistics for ");
data/gadmin-proftpd-0.4.2/src/gprostats.c:448:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, " since: ");
data/gadmin-proftpd-0.4.2/src/gprostats.c:451:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "\n</center></td>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:452:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "</tr></table>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:453:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<br>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:454:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<table border=2 width=600 align=center>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:455:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<tr>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:456:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<th width=600 colspan=2>Top 10 uploaders</th>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:457:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "</tr>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:460:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome1, "<table border=2 width=600 align=center>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:461:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome1, "<tr>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:462:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome1, "<th width=600 colspan=2>Top 10 downloaders</th>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:463:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome1, "</tr>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:513:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, ": ");
data/gadmin-proftpd-0.4.2/src/gprostats.c:515:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(convert, "%llu", userlist[top_ul].ul);
data/gadmin-proftpd-0.4.2/src/gprostats.c:517:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, " KB\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:522:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<tr><td class=left width=300>");
data/gadmin-proftpd-0.4.2/src/gprostats.c:524:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "</td>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:525:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<td align=right class=right width=300>");
data/gadmin-proftpd-0.4.2/src/gprostats.c:526:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(convert, "%llu", userlist[top_ul].ul);
data/gadmin-proftpd-0.4.2/src/gprostats.c:528:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, " KB\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:529:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "</td></tr>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:542:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome1, ": ");
data/gadmin-proftpd-0.4.2/src/gprostats.c:543:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(convert, "%llu", userlist[top_dl].dl);
data/gadmin-proftpd-0.4.2/src/gprostats.c:545:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome1, " KB\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:550:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome1, "<tr><td class=left width=300>");
data/gadmin-proftpd-0.4.2/src/gprostats.c:552:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome1, "</td>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:553:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome1, "<td class=right align=right width=300>");
data/gadmin-proftpd-0.4.2/src/gprostats.c:554:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(convert, "%llu", userlist[top_dl].dl);
data/gadmin-proftpd-0.4.2/src/gprostats.c:556:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome1, " KB\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:557:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome1, "</td></tr>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:570:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, "\nTop 10 Downloaders:\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:571:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, "___________________\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:588:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(welcome, "\nGenerated on ");
data/gadmin-proftpd-0.4.2/src/gprostats.c:626:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(user_welcome, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/gprostats.c:647:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "</table><br>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:649:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "</table><br><br>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:653:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "<center>Statistics generated by GAdmin-PRoFTPD on \n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:655:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "</center>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:657:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(html_welcome, "</body></html>\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:659:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(html, "w+")) == NULL)
data/gadmin-proftpd-0.4.2/src/import_functions.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/import_functions.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/import_functions.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/import_functions.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_user_name[1024];
data/gadmin-proftpd-0.4.2/src/import_functions.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_version[1024];
data/gadmin-proftpd-0.4.2/src/import_functions.c:55:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char import_root_dir[8192]="";
data/gadmin-proftpd-0.4.2/src/import_functions.c:135:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/import_functions.c:265:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user_settings, "\n<Anonymous ");
data/gadmin-proftpd-0.4.2/src/import_functions.c:267:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, ">\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:268:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "User ");
data/gadmin-proftpd-0.4.2/src/import_functions.c:270:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "\nGroup ");
data/gadmin-proftpd-0.4.2/src/import_functions.c:273:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "AnonRequirePassword on\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:274:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "MaxClients 3 \"The server is full, hosting %m users\"\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:275:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "DisplayLogin welcome.msg\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:276:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "DisplayChdir .msg\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:277:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "AllowOverwrite off\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:278:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "<Limit LOGIN>\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:279:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, " Allow from all\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:280:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, " Deny from all\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:281:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "</Limit>\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:282:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "<Limit RETR LIST NLST MDTM SIZE STAT CWD XCWD PWD XPWD CDUP XCUP>\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:283:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, " AllowAll\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:284:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "</Limit>\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:285:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "<Limit DELE APPE STOR STOU SITE_CHMOD SITE_CHGRP RNFR RNTO MKD XMKD RMD XRMD>\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:286:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, " DenyAll\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:287:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "</Limit>\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:288:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(user_settings, "</Anonymous>\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:304:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/import_functions.c:370:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(new_buffer, " AllowUser ");
data/gadmin-proftpd-0.4.2/src/import_functions.c:416:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF,"w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.c:97:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_FTPUSERS, "a"))==NULL)
data/gadmin-proftpd-0.4.2/src/make_settings_buttons.c:31:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char icon_name[100],
data/gadmin-proftpd-0.4.2/src/make_settings_buttons.h:28:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char icon_name[100],
data/gadmin-proftpd-0.4.2/src/osx_functions.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempname[4096]="";
data/gadmin-proftpd-0.4.2/src/osx_functions.c:114:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_OSX_PASS_DUMP,"r"))==NULL)
data/gadmin-proftpd-0.4.2/src/osx_functions.c:182:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_OSX_PASS_DUMP, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/osx_functions.c:302:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_OSX_PASS_DUMP, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_conf_tab.c:45:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c:52:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_READ_POPEN]="";
data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mount[8192]="", free[1024]="", used[1024]="", total[1024]="", percent[1024]="", device[8192]="";
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:53:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(XFER_LOG, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:57:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:91:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(secure_log, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:62:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:268:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:282:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:293:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val=atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:307:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:322:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:336:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:350:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:364:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:378:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:595:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(settings_conf, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:628:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:640:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:713:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(openssl_conf, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:829:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:847:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(new_buffer);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/populate_servers.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_name[1024];
data/gadmin-proftpd-0.4.2/src/populate_servers.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/populate_servers.c:58:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_shell_combo.c:60:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(GP_SHELLS, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_name[1024];
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_user_name[1024];
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:211:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:376:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spinvalue = atoi(spinval);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:398:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spinvalue = atoi(br);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:406:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spinvalue = atoi(brc);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:414:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spinvalue = atoi(fr);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:422:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spinvalue = atoi(frc);
data/gadmin-proftpd-0.4.2/src/populate_users.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/populate_users.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/populate_users.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_name[1024];
data/gadmin-proftpd-0.4.2/src/populate_users.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/populate_users.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_user_name[1024];
data/gadmin-proftpd-0.4.2/src/populate_users.c:62:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/populate_users.c:181:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(translate, _("yes"));
data/gadmin-proftpd-0.4.2/src/populate_users.c:187:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(translate, _("no"));
data/gadmin-proftpd-0.4.2/src/populate_users.c:209:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(translate, _("yes"));
data/gadmin-proftpd-0.4.2/src/populate_users.c:215:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(translate, _("no"));
data/gadmin-proftpd-0.4.2/src/save_conf_tab.c:54:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/select_first_server.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/select_first_server.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/select_first_server.c:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/select_first_user.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_user_name[1024];
data/gadmin-proftpd-0.4.2/src/server_treeview_row_clicked.c:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_address[1024];
data/gadmin-proftpd-0.4.2/src/server_treeview_row_clicked.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_port[1024];
data/gadmin-proftpd-0.4.2/src/server_treeview_row_clicked.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_server_type[1024];
data/gadmin-proftpd-0.4.2/src/set_version.c:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_version[1024];
data/gadmin-proftpd-0.4.2/src/standard_conf.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_version[1024];
data/gadmin-proftpd-0.4.2/src/standard_conf.c:49:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/standard_conf.c:105:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/standard_conf.c:140:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(file_path, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/standard_conf.c:316:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(PROFTPD_CONF, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/standard_conf.c:556:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(settings_conf, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/standard_conf.c:570:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(settings_conf, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/standard_conf.c:594:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(conf, "show_conf_question: false\n");
data/gadmin-proftpd-0.4.2/src/standard_conf.c:606:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(conf, "show_conf_question: false\n");
data/gadmin-proftpd-0.4.2/src/standard_conf.c:609:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(settings_conf, "w+"))==NULL)
data/gadmin-proftpd-0.4.2/src/status_update.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * get_process_pid(char process[1024], char extmatch[1024])
data/gadmin-proftpd-0.4.2/src/status_update.c:42:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * get_process_pid(char process[1024], char extmatch[1024])
data/gadmin-proftpd-0.4.2/src/status_update.c:42:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * get_process_pid(char process[1024], char extmatch[1024])
data/gadmin-proftpd-0.4.2/src/status_update.c:69:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(sub_proc_path, "r"))==NULL)
data/gadmin-proftpd-0.4.2/src/status_update.h:27:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * get_process_pid(char process[1024], char extmatch[1024]);
data/gadmin-proftpd-0.4.2/src/status_update.h:27:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * get_process_pid(char process[1024], char extmatch[1024]);
data/gadmin-proftpd-0.4.2/src/status_update.h:27:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * get_process_pid(char process[1024], char extmatch[1024]);
data/gadmin-proftpd-0.4.2/src/user_treeview_row_clicked.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char global_user_name[1024];
data/gadmin-proftpd-0.4.2/src/add_user.c:101:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(line) < 3 )
data/gadmin-proftpd-0.4.2/src/add_user.c:182:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(username);
data/gadmin-proftpd-0.4.2/src/add_user.c:200:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( username[0]=='r' && username[1]=='o' && username[2]=='o' && username[3]=='t' && strlen(username) == 4 )
data/gadmin-proftpd-0.4.2/src/add_user.c:217:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(password);
data/gadmin-proftpd-0.4.2/src/add_user.c:227:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(group);
data/gadmin-proftpd-0.4.2/src/add_user.c:237:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(shell);
data/gadmin-proftpd-0.4.2/src/add_user.c:247:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(comment);
data/gadmin-proftpd-0.4.2/src/add_user.c:550:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, "\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:577:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, " ");
data/gadmin-proftpd-0.4.2/src/add_user.c:579:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, " ");
data/gadmin-proftpd-0.4.2/src/add_user.c:581:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, " ");
data/gadmin-proftpd-0.4.2/src/add_user.c:583:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, " ");
data/gadmin-proftpd-0.4.2/src/add_user.c:585:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, "\n");
data/gadmin-proftpd-0.4.2/src/add_user.c:590:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( login_from == NULL || strlen(login_from) < 3 )
data/gadmin-proftpd-0.4.2/src/add_user.c:686:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new_buffer, "\n");
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:177:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(address_buffer) == 0
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:191:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(port_buffer) == 0 )
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:238:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 4000 ) // 8000...
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:287:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( active_index == 0 && strlen(masquerade_address) > 4 )
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:290:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(masquerade_address) > 4 )
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:708:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 4000 )
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:749:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( active_index == 0 && strlen(masquerade_address) > 4 )
data/gadmin-proftpd-0.4.2/src/apply_server_settings.c:752:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(masquerade_address) > 4 )
data/gadmin-proftpd-0.4.2/src/apply_user.c:211:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
password_length = strlen(password);
data/gadmin-proftpd-0.4.2/src/apply_user.c:262:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, "\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:267:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, "\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:296:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, " ");
data/gadmin-proftpd-0.4.2/src/apply_user.c:298:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, " ");
data/gadmin-proftpd-0.4.2/src/apply_user.c:300:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, " ");
data/gadmin-proftpd-0.4.2/src/apply_user.c:302:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, " ");
data/gadmin-proftpd-0.4.2/src/apply_user.c:304:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_profile, "\n");
data/gadmin-proftpd-0.4.2/src/apply_user.c:309:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( login_from == NULL || strlen(login_from) < 3 )
data/gadmin-proftpd-0.4.2/src/apply_user.c:448:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(new_buffer) > 0 )
data/gadmin-proftpd-0.4.2/src/clear_security_tab.c:65:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffy) < 12 )
data/gadmin-proftpd-0.4.2/src/clear_security_tab.c:71:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( secure_log[strlen(secure_log)-1]=='\n' )
data/gadmin-proftpd-0.4.2/src/clear_security_tab.c:72:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secure_log[strlen(secure_log)-1]='\0';
data/gadmin-proftpd-0.4.2/src/commands.c:94:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(cmd) > 4 )
data/gadmin-proftpd-0.4.2/src/commands.c:110:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(cmd) > 4 )
data/gadmin-proftpd-0.4.2/src/commands.c:198:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( commented(line) || strlen(line) < 5 )
data/gadmin-proftpd-0.4.2/src/commands.c:216:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( include_path[strlen(include_path)-1]=='\n' )
data/gadmin-proftpd-0.4.2/src/commands.c:217:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
include_path[strlen(include_path)-1]='\0';
data/gadmin-proftpd-0.4.2/src/commands.c:222:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
includes = realloc(includes, file_size+1+strlen(sub_includes)+1000);
data/gadmin-proftpd-0.4.2/src/commands.c:319:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( include_path[strlen(include_path)-1]=='\n' )
data/gadmin-proftpd-0.4.2/src/commands.c:320:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
include_path[strlen(include_path)-1]='\0';
data/gadmin-proftpd-0.4.2/src/commands.c:349:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modname_popen[strlen(modname_popen)-2]='\0';
data/gadmin-proftpd-0.4.2/src/commands.c:363:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(line) > 4 && strstr(line, modname_popen) )
data/gadmin-proftpd-0.4.2/src/commented.c:32:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( line!=NULL && strlen(line) > 0 )
data/gadmin-proftpd-0.4.2/src/create_import_window.c:231:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 10 && strlen(old_buffer) < 4000 )
data/gadmin-proftpd-0.4.2/src/create_import_window.c:231:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 10 && strlen(old_buffer) < 4000 )
data/gadmin-proftpd-0.4.2/src/create_import_window.c:247:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_import_window.c:254:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:90:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:107:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:124:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:159:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:176:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:193:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:224:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:231:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:238:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:246:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:254:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:262:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:270:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:288:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_main_window.c:302:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:261:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:264:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:282:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:285:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:298:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:301:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:309:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:312:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:321:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:324:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:360:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:363:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:371:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:374:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:396:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:399:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:450:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:453:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:465:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:468:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:486:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:489:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:497:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:500:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:508:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:511:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:531:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:534:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:542:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:545:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:548:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:551:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:559:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:562:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:677:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:680:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:688:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_server_settings.c:691:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/create_user_tab.c:89:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(dir_path, strlen(dir_path), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/delete_server.c:77:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(address_buffer)==0 )
data/gadmin-proftpd-0.4.2/src/delete_server.c:84:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(address_buffer)==0 )
data/gadmin-proftpd-0.4.2/src/delete_server.c:91:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(port_buffer)==0 )
data/gadmin-proftpd-0.4.2/src/delete_server.c:124:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/delete_server.c:137:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/delete_user.c:76:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(username);
data/gadmin-proftpd-0.4.2/src/delete_user.c:86:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( username[0]=='r' && username[1]=='o' && username[2]=='o' && username[3]=='t' && strlen(username)==4 )
data/gadmin-proftpd-0.4.2/src/delete_user.c:112:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(UserUsername, "\n");
data/gadmin-proftpd-0.4.2/src/delete_user.c:118:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(AllowuserName, "\n");
data/gadmin-proftpd-0.4.2/src/delete_user.c:157:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/delete_user.c:241:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 3 )
data/gadmin-proftpd-0.4.2/src/delete_user.c:338:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(username);
data/gadmin-proftpd-0.4.2/src/delete_user.c:348:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( username[0]=='r' && username[1]=='o' && username[2]=='o' && username[3]=='t' && strlen(username) == 4 )
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:338:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( dir == NULL || strlen((char *)dir) < 5 )
data/gadmin-proftpd-0.4.2/src/dir_treeview_funcs.c:340:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen((char *)dir) < 1 )
data/gadmin-proftpd-0.4.2/src/functions.c:70:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(buf) < 2 )
data/gadmin-proftpd-0.4.2/src/functions.c:73:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newbuf = allocate(strlen(buf)+1);
data/gadmin-proftpd-0.4.2/src/functions.c:160:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(username) == strlen(tempname) )
data/gadmin-proftpd-0.4.2/src/functions.c:160:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(username) == strlen(tempname) )
data/gadmin-proftpd-0.4.2/src/functions.c:244:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strstr(groupname, tempname) && strlen(groupname)==strlen(tempname) )
data/gadmin-proftpd-0.4.2/src/functions.c:244:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strstr(groupname, tempname) && strlen(groupname)==strlen(tempname) )
data/gadmin-proftpd-0.4.2/src/functions.c:350:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(tempname) < 351 && ! strstr(tempname, ":") )
data/gadmin-proftpd-0.4.2/src/functions.c:422:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(y=strlen(temp)-1; temp[y]; y--)
data/gadmin-proftpd-0.4.2/src/functions.c:445:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(y=strlen(line)-1; line[y]!='\0'; y--)
data/gadmin-proftpd-0.4.2/src/functions.c:506:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(line) < 10 )
data/gadmin-proftpd-0.4.2/src/functions.c:597:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(line) < 10 )
data/gadmin-proftpd-0.4.2/src/functions.c:888:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new_buffer, "\n");
data/gadmin-proftpd-0.4.2/src/functions.c:933:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new_buffer, "\n");
data/gadmin-proftpd-0.4.2/src/functions.c:968:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen((char *)default_username_length) < 4 )
data/gadmin-proftpd-0.4.2/src/functions.c:989:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(rnd_string, strlen(rnd_string), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/functions.c:1011:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen((char *)default_password_length) < 4 )
data/gadmin-proftpd-0.4.2/src/functions.c:1032:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(rnd_string, strlen(rnd_string), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/functions.c:1087:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(300000);
data/gadmin-proftpd-0.4.2/src/functions.c:1119:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(300000);
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:126:10: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000*10);
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:192:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:199:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:206:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:213:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:220:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:227:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/gadmin_proftpd.c:234:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/generate_cert.c:78:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(hostname) == 0 || strlen(email) == 0 || strlen(bits) == 0 || strlen(password) == 0
data/gadmin-proftpd-0.4.2/src/generate_cert.c:78:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(hostname) == 0 || strlen(email) == 0 || strlen(bits) == 0 || strlen(password) == 0
data/gadmin-proftpd-0.4.2/src/generate_cert.c:78:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(hostname) == 0 || strlen(email) == 0 || strlen(bits) == 0 || strlen(password) == 0
data/gadmin-proftpd-0.4.2/src/generate_cert.c:78:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(hostname) == 0 || strlen(email) == 0 || strlen(bits) == 0 || strlen(password) == 0
data/gadmin-proftpd-0.4.2/src/generate_cert.c:79:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strlen(days) == 0 || strlen(country) == 0 || strlen(country) > 2 || strlen(state) == 0
data/gadmin-proftpd-0.4.2/src/generate_cert.c:79:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strlen(days) == 0 || strlen(country) == 0 || strlen(country) > 2 || strlen(state) == 0
data/gadmin-proftpd-0.4.2/src/generate_cert.c:79:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strlen(days) == 0 || strlen(country) == 0 || strlen(country) > 2 || strlen(state) == 0
data/gadmin-proftpd-0.4.2/src/generate_cert.c:79:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strlen(days) == 0 || strlen(country) == 0 || strlen(country) > 2 || strlen(state) == 0
data/gadmin-proftpd-0.4.2/src/generate_cert.c:80:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strlen(city) == 0 || strlen(org) == 0 || strlen(org_unit) == 0 || strlen(cert_dir) < 7 )
data/gadmin-proftpd-0.4.2/src/generate_cert.c:80:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strlen(city) == 0 || strlen(org) == 0 || strlen(org_unit) == 0 || strlen(cert_dir) < 7 )
data/gadmin-proftpd-0.4.2/src/generate_cert.c:80:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strlen(city) == 0 || strlen(org) == 0 || strlen(org_unit) == 0 || strlen(cert_dir) < 7 )
data/gadmin-proftpd-0.4.2/src/generate_cert.c:80:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strlen(city) == 0 || strlen(org) == 0 || strlen(org_unit) == 0 || strlen(cert_dir) < 7 )
data/gadmin-proftpd-0.4.2/src/get_option_pos.c:60:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( line!=NULL && strlen(line) > 0 )
data/gadmin-proftpd-0.4.2/src/get_option_pos.c:85:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( line!=NULL && strlen(line) > 0 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:122:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(argv[x]) > 8000 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:174:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strstr(argv[x], "-w") && strlen(argv[x+1])>0 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:210:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:225:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
server_name[strlen(server_name)-1]='\0';
data/gadmin-proftpd-0.4.2/src/gprostats.c:230:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
server_name[strlen(server_name)-1]='\0';
data/gadmin-proftpd-0.4.2/src/gprostats.c:245:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:264:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:277:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( user[strlen(user)-1]=='@' )
data/gadmin-proftpd-0.4.2/src/gprostats.c:278:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user[strlen(user)-1]='\0';
data/gadmin-proftpd-0.4.2/src/gprostats.c:288:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:330:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:334:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( ! once && strlen(old_buffer) > 5 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:357:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(user, "");
data/gadmin-proftpd-0.4.2/src/gprostats.c:364:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( user[strlen(user)-1]=='@' )
data/gadmin-proftpd-0.4.2/src/gprostats.c:365:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user[strlen(user)-1]='\0';
data/gadmin-proftpd-0.4.2/src/gprostats.c:368:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(temp, "");
data/gadmin-proftpd-0.4.2/src/gprostats.c:415:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(datestamp) > 3 && strlen(datestamp) < 100 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:415:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(datestamp) > 3 && strlen(datestamp) < 100 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:423:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(html) > 1 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:446:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(datestamp) > 3 && strlen(datestamp) < 100 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:446:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(datestamp) > 3 && strlen(datestamp) < 100 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:520:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(html) > 1 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:548:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(html) > 1 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:573:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(welcome, "\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:586:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(datestamp) > 3 && strlen(datestamp) < 100 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:586:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(datestamp) > 3 && strlen(datestamp) < 100 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:590:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(welcome, "\n");
data/gadmin-proftpd-0.4.2/src/gprostats.c:601:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(welcome_name) > 1 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:607:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(userlist[row].dir) > 0 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:623:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( user_welcome[strlen(user_welcome)-1]!='/' )
data/gadmin-proftpd-0.4.2/src/gprostats.c:624:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_welcome, "/");
data/gadmin-proftpd-0.4.2/src/gprostats.c:645:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(html) > 1 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:651:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(datestamp) > 3 && strlen(datestamp) < 100 )
data/gadmin-proftpd-0.4.2/src/gprostats.c:651:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(datestamp) > 3 && strlen(datestamp) < 100 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:75:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(username) == 0 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:80:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(groupname) == 0 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:93:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( username[0]=='r' && username[1]=='o' && username[2]=='o' && username[3]=='t' && strlen(username)==4 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:99:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( groupname[0]=='r' && groupname[1]=='o' && groupname[2]=='o' && groupname[3]=='t' && strlen(groupname)==4 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:117:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(import_root_dir) < 6 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:157:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:175:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:215:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:272:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(user_settings, "\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:323:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 4000 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:343:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 4000 )
data/gadmin-proftpd-0.4.2/src/import_functions.c:372:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new_buffer, "\n");
data/gadmin-proftpd-0.4.2/src/import_functions.c:438:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(import_root_dir, "");
data/gadmin-proftpd-0.4.2/src/import_functions.c:442:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(g_home_dir) <= 4000 )
data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.c:52:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(username) == 0 )
data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.c:73:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( kick_name[strlen(kick_name)-1]=='\n' || kick_name[strlen(kick_name)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.c:73:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( kick_name[strlen(kick_name)-1]=='\n' || kick_name[strlen(kick_name)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/kick_ban_button_clicked.c:74:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kick_name[strlen(kick_name)-1]='\0';
data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c:54:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(username) == 0 )
data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c:72:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( kick_name[strlen(kick_name)-1]=='\n' || kick_name[strlen(kick_name)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c:72:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( kick_name[strlen(kick_name)-1]=='\n' || kick_name[strlen(kick_name)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/kick_button_clicked.c:73:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kick_name[strlen(kick_name)-1]='\0';
data/gadmin-proftpd-0.4.2/src/osx_functions.c:199:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(buffy) < 3 || strlen(buffy) > 1024 )
data/gadmin-proftpd-0.4.2/src/osx_functions.c:199:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(buffy) < 3 || strlen(buffy) > 1024 )
data/gadmin-proftpd-0.4.2/src/osx_functions.c:318:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(buffy) < 3 || strlen(buffy) > 1024 )
data/gadmin-proftpd-0.4.2/src/osx_functions.c:318:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(buffy) < 3 || strlen(buffy) > 1024 )
data/gadmin-proftpd-0.4.2/src/populate_conf_tab.c:64:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffy, strlen(new_buffy), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_conf_tab.c:66:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_text_buffer_set_text(conf_textbuffer, utf8, strlen(utf8));
data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c:71:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(mount, strlen(mount), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c:74:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(free, strlen(free), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c:77:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(used, strlen(used), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c:80:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(total, strlen(total), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c:83:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(percent, strlen(percent), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_disc_tab.c:86:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(device, strlen(device), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:69:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) < 10 )
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:78:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=strlen(old_buffer)-1; old_buffer[i]!='\0'; i--)
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:105:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_buffer, &old_buffer[begin], end);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:108:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_buffer, &old_buffer[begin], end);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:110:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]!='\0' )
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:111:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:120:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=strlen(old_buffer)-1; old_buffer[i]!='\0'; i--)
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:134:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]!='\0' )
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:135:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:148:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:182:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_buffer, &old_buffer[begin], end);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:185:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_buffer, &old_buffer[begin], end);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:187:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]!='\0' )
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:188:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:210:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=strlen(old_buffer)-1; old_buffer[i]!='\0'; i--)
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:228:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_buffer, &old_buffer[begin], end);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:231:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_buffer, &old_buffer[begin], end);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:233:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]!='\0' )
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:234:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:270:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_buffer, &old_buffer[begin], end);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:273:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_buffer, &old_buffer[begin], end);
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:275:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]!='\0' )
data/gadmin-proftpd-0.4.2/src/populate_file_tab.c:276:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:74:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(buffy) < 12 )
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:80:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( secure_log[strlen(secure_log)-1]=='\n' )
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:81:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secure_log[strlen(secure_log)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:115:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(buffy, strlen(buffy)-1, NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:122:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(buffy, strlen(buffy)-1, NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:129:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(buffy, strlen(buffy)-1, NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:136:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(buffy, strlen(buffy)-1, NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:144:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(buffy, strlen(buffy)-1, NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_security_tab.c:163:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(buffy, strlen(buffy)-1, NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:90:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:114:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(old_buffer) > 8000 )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:171:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:195:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:208:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(new_buffer) > 3 )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:210:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:210:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:211:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:212:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:227:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:227:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:228:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:230:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:264:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:264:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:265:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:277:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:277:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:278:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:288:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:288:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:289:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:303:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:303:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:304:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:318:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:318:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:319:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:332:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:332:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:333:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:346:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:346:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:347:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:360:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:360:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:361:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:374:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:374:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:375:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:405:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:405:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:406:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:408:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:416:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:416:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:417:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:419:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:427:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:442:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:456:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:456:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:457:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:468:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:468:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:469:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:485:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( cmplowercase(old_buffer, "systemlog") && strlen(old_buffer) > 9 )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:488:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:488:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:489:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:491:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:533:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:533:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:534:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:536:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:542:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:542:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:543:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:545:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:613:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:613:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:614:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:616:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:623:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:623:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:624:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:635:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:635:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:636:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:654:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:654:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( new_buffer[strlen(new_buffer)-1]=='\n' || new_buffer[strlen(new_buffer)-1]=='\r' )
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:655:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:657:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:736:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:737:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:751:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:752:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:766:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:767:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:781:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:782:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:796:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:797:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:811:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:812:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:826:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:844:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:862:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_server_settings.c:863:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:98:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_servers.c:101:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:121:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-2]='\0';
data/gadmin-proftpd-0.4.2/src/populate_servers.c:122:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:132:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-2]='\0';
data/gadmin-proftpd-0.4.2/src/populate_servers.c:133:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:160:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-2]='\0';
data/gadmin-proftpd-0.4.2/src/populate_servers.c:162:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:177:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_servers.c:179:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:191:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-2]='\0';
data/gadmin-proftpd-0.4.2/src/populate_servers.c:192:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_servers.c:204:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-2]='\0';
data/gadmin-proftpd-0.4.2/src/populate_servers.c:205:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_shell_combo.c:51:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(combo_text, strlen(combo_text), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_shell_combo.c:87:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffy, strlen(new_buffy)-1, NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_shell_combo.c:97:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffy, strlen(new_buffy)-1, NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_shell_combo.c:122:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& ! strstr(old_buffy, "#") && strlen(old_buffy) > 7 )
data/gadmin-proftpd-0.4.2/src/populate_shell_combo.c:125:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffy, strlen(new_buffy)-1, NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:163:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( info == NULL || strlen(info) < 1 )
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:285:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(line) > 4000 )
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:304:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-2]='\0';
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:305:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(&new_buffer[11], strlen(&new_buffer[11]), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:311:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:322:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:343:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-1]='\0';
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:344:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(&new_buffer[i], strlen(&new_buffer[i]), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:462:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_buffer[strlen(new_buffer)-2]='\0';
data/gadmin-proftpd-0.4.2/src/populate_user_settings.c:463:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(&new_buffer[i], strlen(&new_buffer[i]), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_users.c:155:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_users.c:165:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_users.c:170:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(user_comment, strlen(user_comment), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_users.c:182:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(translate, strlen(translate), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_users.c:188:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(translate, strlen(translate), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_users.c:198:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_users.c:210:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(translate, strlen(translate), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_users.c:216:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(translate, strlen(translate), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_users.c:225:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(new_buffer, strlen(new_buffer), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/populate_users.c:248:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(global_user_name, "");
data/gadmin-proftpd-0.4.2/src/select_first_user.c:47:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(global_user_name, "");
data/gadmin-proftpd-0.4.2/src/set_version.c:64:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( cmplowercase(version, "proftpd") && strlen(version) < 30 )
data/gadmin-proftpd-0.4.2/src/set_version.c:67:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=strlen(version)-1; version[i]!='\0'; i--)
data/gadmin-proftpd-0.4.2/src/set_version.c:72:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(ver, strlen(ver)-1, NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/set_version.c:83:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(ver, strlen(ver), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/show_info.c:53:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(content) < 5 )
data/gadmin-proftpd-0.4.2/src/show_info.c:114:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(content, strlen(content), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/show_info.c:118:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_text_buffer_set_text(text_buffer, utf8, strlen(utf8));
data/gadmin-proftpd-0.4.2/src/standard_conf.c:154:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(line) > 500 )
data/gadmin-proftpd-0.4.2/src/standard_conf.c:275:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( path!=NULL && strlen(path) > 8 && conf_ok(path) )
data/gadmin-proftpd-0.4.2/src/standard_conf.c:480:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/standard_conf.c:589:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(line) > 5 )
data/gadmin-proftpd-0.4.2/src/status_update.c:51:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pid, "0");
data/gadmin-proftpd-0.4.2/src/status_update.c:117:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:128:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:144:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:199:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:217:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( line==NULL || strlen(line) < 10
data/gadmin-proftpd-0.4.2/src/status_update.c:236:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(tmp, strlen(tmp), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:243:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(tmp, strlen(tmp), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:258:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(tmp, strlen(tmp), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:296:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( tmp[strlen(tmp)-1]=='\n' )
data/gadmin-proftpd-0.4.2/src/status_update.c:297:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp)-1]='\0';
data/gadmin-proftpd-0.4.2/src/status_update.c:299:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(tmp, strlen(tmp), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:329:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( tmp[strlen(tmp)-1]=='\n' )
data/gadmin-proftpd-0.4.2/src/status_update.c:330:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp)-1]='\0';
data/gadmin-proftpd-0.4.2/src/status_update.c:331:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(tmp, strlen(tmp), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:340:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(tmp, strlen(tmp), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:349:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(tmp, strlen(tmp), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:369:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( tmp[strlen(tmp)-1]=='\n' )
data/gadmin-proftpd-0.4.2/src/status_update.c:370:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp)-1]='\0';
data/gadmin-proftpd-0.4.2/src/status_update.c:372:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(tmp, strlen(tmp), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:412:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:425:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
data/gadmin-proftpd-0.4.2/src/status_update.c:438:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8 = g_locale_to_utf8(info, strlen(info), NULL, NULL, NULL);
ANALYSIS SUMMARY:
Hits = 1284
Lines analyzed = 20500 in approximately 0.68 seconds (30093 lines/second)
Physical Source Lines of Code (SLOC) = 12922
Hits@level = [0] 167 [1] 434 [2] 444 [3] 3 [4] 403 [5] 0
Hits@level+ = [0+] 1451 [1+] 1284 [2+] 850 [3+] 406 [4+] 403 [5+] 0
Hits/KSLOC@level+ = [0+] 112.289 [1+] 99.3654 [2+] 65.7793 [3+] 31.4193 [4+] 31.1871 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.