Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gconf-3.2.6/gsettings/gconfsettingsbackend.c
Examining data/gconf-3.2.6/gsettings/gconfsettingsbackend.h
Examining data/gconf-3.2.6/gsettings/gconfsettingsbackend-module.c
Examining data/gconf-3.2.6/gsettings/gsettings-data-convert.c
Examining data/gconf-3.2.6/tests/testunique.c
Examining data/gconf-3.2.6/tests/testencode.c
Examining data/gconf-3.2.6/tests/testpersistence.c
Examining data/gconf-3.2.6/tests/testdirlist.c
Examining data/gconf-3.2.6/tests/testaddress.c
Examining data/gconf-3.2.6/tests/testbackend.c
Examining data/gconf-3.2.6/tests/testchangeset.c
Examining data/gconf-3.2.6/tests/testschemas.c
Examining data/gconf-3.2.6/tests/testlisteners.c
Examining data/gconf-3.2.6/tests/testgconf.c
Examining data/gconf-3.2.6/backends/evoldap-backend.c
Examining data/gconf-3.2.6/backends/xml-test.c
Examining data/gconf-3.2.6/backends/markup-backend.c
Examining data/gconf-3.2.6/backends/xml-dir.h
Examining data/gconf-3.2.6/backends/xml-cache.h
Examining data/gconf-3.2.6/backends/xml-cache.c
Examining data/gconf-3.2.6/backends/markup-tree.h
Examining data/gconf-3.2.6/backends/xml-entry.c
Examining data/gconf-3.2.6/backends/xml-backend.c
Examining data/gconf-3.2.6/backends/xml-entry.h
Examining data/gconf-3.2.6/backends/gconf-merge-tree.c
Examining data/gconf-3.2.6/backends/markup-tree.c
Examining data/gconf-3.2.6/backends/xml-dir.c
Examining data/gconf-3.2.6/examples/basic-gconf-app.c
Examining data/gconf-3.2.6/examples/simple-controller.c
Examining data/gconf-3.2.6/examples/simple-view.c
Examining data/gconf-3.2.6/defaults/gconf-defaults-glue.h
Examining data/gconf-3.2.6/defaults/gconf-defaults.h
Examining data/gconf-3.2.6/defaults/gconf-defaults-main.c
Examining data/gconf-3.2.6/defaults/gconf-defaults.c
Examining data/gconf-3.2.6/gconf/gconfd-dbus.h
Examining data/gconf-3.2.6/gconf/gconf-sources.h
Examining data/gconf-3.2.6/gconf/gconfd.h
Examining data/gconf-3.2.6/gconf/gconf-internals.c
Examining data/gconf-3.2.6/gconf/gconf-error.c
Examining data/gconf-3.2.6/gconf/gconf-database-dbus.c
Examining data/gconf-3.2.6/gconf/gconf-engine.h
Examining data/gconf-3.2.6/gconf/gconf-value.c
Examining data/gconf-3.2.6/gconf/gconf-internals.h
Examining data/gconf-3.2.6/gconf/gconf-enum-types.h
Examining data/gconf-3.2.6/gconf/gconf-dbus-utils.h
Examining data/gconf-3.2.6/gconf/gconf-database-dbus.h
Examining data/gconf-3.2.6/gconf/gconf.c
Examining data/gconf-3.2.6/gconf/gconf-changeset.h
Examining data/gconf-3.2.6/gconf/gconf-listeners.h
Examining data/gconf-3.2.6/gconf/gconf-dbus-utils.c
Examining data/gconf-3.2.6/gconf/gconf-schema.h
Examining data/gconf-3.2.6/gconf/gconf-error.h
Examining data/gconf-3.2.6/gconf/gconf-schema.c
Examining data/gconf-3.2.6/gconf/gconfd-dbus.c
Examining data/gconf-3.2.6/gconf/gconf-listeners.c
Examining data/gconf-3.2.6/gconf/gconf-changeset.c
Examining data/gconf-3.2.6/gconf/gconf-sources.c
Examining data/gconf-3.2.6/gconf/gconf-database.h
Examining data/gconf-3.2.6/gconf/gconf-database.c
Examining data/gconf-3.2.6/gconf/gconf.h
Examining data/gconf-3.2.6/gconf/gconf-enum-types.c
Examining data/gconf-3.2.6/gconf/gconf-backend.c
Examining data/gconf-3.2.6/gconf/gconf-locale.h
Examining data/gconf-3.2.6/gconf/gconf-backend.h
Examining data/gconf-3.2.6/gconf/gconftool.c
Examining data/gconf-3.2.6/gconf/gconf-locale.c
Examining data/gconf-3.2.6/gconf/dllmain.c
Examining data/gconf-3.2.6/gconf/gconf-client.h
Examining data/gconf-3.2.6/gconf/gconfd.c
Examining data/gconf-3.2.6/gconf/gconf-client.c
Examining data/gconf-3.2.6/gconf/gconf-value.h
Examining data/gconf-3.2.6/gconf/gconf-dbus.c
FINAL RESULTS:
data/gconf-3.2.6/backends/markup-tree.c:4525:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (new_filename, st.st_mode);
data/gconf-3.2.6/backends/markup-tree.c:4526:11: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown (new_filename, st.st_uid, st.st_gid) < 0)
data/gconf-3.2.6/backends/markup-tree.c:4529:11: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown (new_filename, -1, st.st_gid);
data/gconf-3.2.6/backends/markup-tree.c:4530:11: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown (new_filename, st.st_uid, -1);
data/gconf-3.2.6/backends/markup-tree.c:4532:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (new_filename, st.st_mode);
data/gconf-3.2.6/backends/xml-dir.c:524:11: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (tmp_filename, d->file_mode) != 0)
data/gconf-3.2.6/backends/evoldap-backend.c:341:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (&retval[pos], varval);
data/gconf-3.2.6/backends/markup-tree.c:672:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fullpath, markup_dir);
data/gconf-3.2.6/backends/markup-tree.c:697:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fullpath_end, dent);
data/gconf-3.2.6/backends/xml-dir.c:878:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullpath, d->fs_dirname);
data/gconf-3.2.6/backends/xml-dir.c:895:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullpath_end, dent);
data/gconf-3.2.6/gconf/gconf-internals.c:853:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&retval[pos], varval);
data/gconf-3.2.6/gconf/gconf-internals.c:1063:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retval, dir);
data/gconf-3.2.6/gconf/gconf-internals.c:1071:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((retval+dirlen), key);
data/gconf-3.2.6/gconf/gconf-internals.c:1084:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, key);
data/gconf-3.2.6/gconf/gconf-value.c:615:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&buf[cur], elem);
data/gconf-3.2.6/gsettings/gsettings-data-convert.c:74:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (copy + (match - address) + 10, match + 11);
data/gconf-3.2.6/gconf/gconf-internals.c:707:25: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home_copy = g_strdup (g_get_home_dir ());
data/gconf-3.2.6/gconf/gconf-internals.c:734:36: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
path_old = g_build_filename (g_get_home_dir (), ".gconf", NULL);
data/gconf-3.2.6/gconf/gconf-internals.c:763:14: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
return g_get_home_dir ();
data/gconf-3.2.6/gconf/gconf-internals.c:2849:18: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
tmpdir = g_get_tmp_dir ();
data/gconf-3.2.6/gconf/gconf-internals.c:2860:26: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const char *home = g_get_home_dir ();
data/gconf-3.2.6/backends/evoldap-backend.c:219:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer [512];
data/gconf-3.2.6/backends/markup-tree.c:1769:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *fallback_locales[2] = {
data/gconf-3.2.6/backends/markup-tree.c:3645:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[4096];
data/gconf-3.2.6/gconf/dllmain.c:74:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wcbfr[1000];
data/gconf-3.2.6/gconf/gconf-backend.c:273:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vtable_copy, vtable, MIN(vtable->vtable_size, sizeof(GConfBackendVTable)));
data/gconf-3.2.6/gconf/gconf-internals.c:1003:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delim [2] = { GCONF_DATABASE_LIST_DELIM, '\0' };
data/gconf-3.2.6/gconf/gconf-internals.c:1123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[G_ASCII_DTOSTR_BUF_SIZE];
data/gconf-3.2.6/gconf/gconf-internals.c:1855:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gconf_value_set_int(val, atoi(s));
data/gconf-3.2.6/gconf/gconf-internals.c:2319:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (uniquefile, O_WRONLY | O_CREAT, 0700);
data/gconf-3.2.6/gconf/gconf-internals.c:2417:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (filename, O_RDWR, 0700);
data/gconf-3.2.6/gconf/gconf-internals.c:2978:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (l && atoi (l) == 1)
data/gconf-3.2.6/gconf/gconf-sources.c:888:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *locales[2] = { NULL, NULL };
data/gconf-3.2.6/gconf/gconfd.c:811:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
write_byte_fd = atoi (argv[1]);
data/gconf-3.2.6/gconf/gconfd.c:827:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_null_fd = open (DEV_NULL, O_RDWR);
data/gconf-3.2.6/gconf/gconfd.c:971:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1] = { 'g' };
data/gconf-3.2.6/gconf/gconfd.c:1856:16: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fd = g_open (tmpfile, O_WRONLY | O_CREAT | O_TRUNC, 0700);
data/gconf-3.2.6/gconf/gconfd.c:1862:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmpfile, g_strerror (errno));
data/gconf-3.2.6/gconf/gconfd.c:1876:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmpfile, fd, g_strerror (errno));
data/gconf-3.2.6/gconf/gconfd.c:1885:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmpfile, g_strerror (errno));
data/gconf-3.2.6/gconf/gconfd.c:1892:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmpfile, g_strerror (errno));
data/gconf-3.2.6/gconf/gconfd.c:1912:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (g_rename (tmpfile, logfile) < 0)
data/gconf-3.2.6/gconf/gconfd.c:1942:11: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
g_free (tmpfile);
data/gconf-3.2.6/gconf/gconfd.c:2443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE] = { '\0' };
data/gconf-3.2.6/gconf/gconftool.c:2340:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
idx = atoi (args[1]);
data/gconf-3.2.6/gsettings/gsettings-data-convert.c:72:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (copy, address, match - address);
data/gconf-3.2.6/gsettings/gsettings-data-convert.c:73:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (copy + (match - address), ":readonly:", 10);
data/gconf-3.2.6/backends/evoldap-backend.c:297:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval_len = strlen (src) + 1;
data/gconf-3.2.6/backends/evoldap-backend.c:333:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
varval_len = strlen (varval);
data/gconf-3.2.6/backends/markup-backend.c:232:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (root_dir);
data/gconf-3.2.6/backends/markup-tree.c:499:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dent_len = strlen (dent);
data/gconf-3.2.6/backends/markup-tree.c:667:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (markup_dir);
data/gconf-3.2.6/backends/markup-tree.c:693:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dent);
data/gconf-3.2.6/backends/markup-tree.c:698:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (fullpath_end+len, "/%gconf.xml", subdir_len - len);
data/gconf-3.2.6/backends/markup-tree.c:705:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (fullpath_end+len, "/%gconf-tree.xml", subdir_len - len);
data/gconf-3.2.6/backends/xml-backend.c:294:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (root_dir);
data/gconf-3.2.6/backends/xml-dir.c:144:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->root_dir_len = strlen(xml_root_dir);
data/gconf-3.2.6/backends/xml-dir.c:214:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->root_dir_len = strlen(xml_root_dir);
data/gconf-3.2.6/backends/xml-dir.c:874:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(d->fs_dirname);
data/gconf-3.2.6/backends/xml-dir.c:891:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dent);
data/gconf-3.2.6/backends/xml-dir.c:896:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(fullpath_end+len, "/%gconf.xml", subdir_len - len);
data/gconf-3.2.6/backends/xml-dir.c:1229:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dir) > root_dir_len)
data/gconf-3.2.6/gconf/dllmain.c:43:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (configure_time_path, PREFIX "/", strlen (PREFIX) + 1) == 0)
data/gconf-3.2.6/gconf/dllmain.c:46:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
configure_time_path + strlen (PREFIX),
data/gconf-3.2.6/gconf/dllmain.c:131:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
locale_dir = g_strconcat (cp_prefix, GCONF_LOCALE_DIR + strlen (PREFIX), NULL);
data/gconf-3.2.6/gconf/gconf-backend.c:92:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(retval, address, len-1);
data/gconf-3.2.6/gconf/gconf-client.c:916:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = parent + strlen (parent);
data/gconf-3.2.6/gconf/gconf-client.c:1297:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirlen = strlen (dir);
data/gconf-3.2.6/gconf/gconf-internals.c:109:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(retval, key, len);
data/gconf-3.2.6/gconf/gconf-internals.c:808:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval_len = strlen(src) + 1;
data/gconf-3.2.6/gconf/gconf-internals.c:845:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
varval_len = strlen(varval);
data/gconf-3.2.6/gconf/gconf-internals.c:1058:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirlen = strlen(dir);
data/gconf-3.2.6/gconf/gconf-internals.c:1059:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(key);
data/gconf-3.2.6/gconf/gconf-internals.c:1582:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dest = g_malloc0(strlen(src)*2+4);
data/gconf-3.2.6/gconf/gconf-internals.c:2630:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = write (lock->lock_fd, s, strlen (s));
data/gconf-3.2.6/gconf/gconf-internals.c:2641:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = write (lock->lock_fd, ior, strlen (ior));
data/gconf-3.2.6/gconf/gconf-locale.c:230:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
at_pos = locale + strlen (locale);
data/gconf-3.2.6/gconf/gconf-locale.c:236:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (*codeset, dot_pos, at_pos - dot_pos);
data/gconf-3.2.6/gconf/gconf-locale.c:246:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (*territory, uscore_pos, dot_pos - uscore_pos);
data/gconf-3.2.6/gconf/gconf-locale.c:253:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (*language, locale, uscore_pos - locale);
data/gconf-3.2.6/gconf/gconf-locale.c:347:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
orig_category_memory = category_memory = g_malloc (strlen (locale)+1);
data/gconf-3.2.6/gconf/gconf-value.c:267:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/gconf-3.2.6/gconf/gconf-value.c:409:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/gconf-3.2.6/gconf/gconf-value.c:605:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(elem);
data/gconf-3.2.6/gconf/gconf.c:62:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remaining_bytes = strlen (name);
data/gconf-3.2.6/gconf/gconf.c:2817:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (arbitrary_text);
data/gconf-3.2.6/gconf/gconf.c:2861:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (escaped_key);
data/gconf-3.2.6/gconf/gconf.c:2908:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (above);
data/gconf-3.2.6/gconf/gconfd.c:879:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (022);
data/gconf-3.2.6/gconf/gconfd.c:1679:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return guid + strlen ("guid=");
data/gconf-3.2.6/gconf/gconfd.c:2460:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buf);
data/gconf-3.2.6/gconf/gconftool.c:1038:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (022);
data/gconf-3.2.6/gconf/gconftool.c:1050:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (022);
data/gconf-3.2.6/gsettings/gconfsettingsbackend.c:795:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[strlen(name) - 1] == '/')
data/gconf-3.2.6/gsettings/gconfsettingsbackend.c:812:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[strlen(name) - 1] != '/')
data/gconf-3.2.6/gsettings/gconfsettingsbackend.c:820:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return g_strndup (name, strlen(name) - 1);
data/gconf-3.2.6/gsettings/gsettings-data-convert.c:71:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy = g_malloc (strlen (address) - 1 + 1);
data/gconf-3.2.6/tests/testlisteners.c:297:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncmp(changed_key, listener_watchpoint, strlen(listener_watchpoint)) == 0;
ANALYSIS SUMMARY:
Hits = 99
Lines analyzed = 54630 in approximately 1.03 seconds (52966 lines/second)
Physical Source Lines of Code (SLOC) = 39894
Hits@level = [0] 160 [1] 51 [2] 26 [3] 5 [4] 11 [5] 6
Hits@level+ = [0+] 259 [1+] 99 [2+] 48 [3+] 22 [4+] 17 [5+] 6
Hits/KSLOC@level+ = [0+] 6.4922 [1+] 2.48158 [2+] 1.20319 [3+] 0.551461 [4+] 0.426129 [5+] 0.150399
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.