Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_request.c
Examining data/globus-gass-transfer-9.1/library/globus_l_gass_transfer_http.h
Examining data/globus-gass-transfer-9.1/library/globus_i_gass_transfer_keyvalue.h
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer.c
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_proto.h
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_proto.c
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_client.c
Examining data/globus-gass-transfer-9.1/library/globus_i_gass_transfer.h
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_send_recv.c
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_attribute.c
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_keyvalue.c
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_referral.c
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_text.c
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer.h
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_server.c
Examining data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c

FINAL RESULTS:

data/globus-gass-transfer-9.1/library/globus_gass_transfer.c:122:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_GTSL("Entering globus_l_gass_transfer_deactivate()\n"));
data/globus-gass-transfer-9.1/library/globus_gass_transfer.c:143:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_GTSL("failing: %s\n"), req->url);
data/globus-gass-transfer-9.1/library/globus_gass_transfer.c:186:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_GTSL("waiting for requests\n"));
data/globus-gass-transfer-9.1/library/globus_gass_transfer.c:230:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_GTSL("Exiting globus_l_gass_transfer_deactivate()\n"));
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:64:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf fmt;\
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:72:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(strchr(globus_l_gass_transfer_http_debug_level,'9') ? "Thread [%d] acquiring mutex at %s:%d\n" : "", \
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:82:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(strchr(globus_l_gass_transfer_http_debug_level, '9') ? "Thread [%d] releasing mutex at %s:%d\n" : "", \
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:316:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char *) new_proto->iov[0].iov_base,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:911:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset = sprintf(response,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:916:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(response + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1085:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset = sprintf(response,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1090:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(response + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1721:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset = sprintf(referral_string,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1723:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(referral_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1727:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(referral_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1729:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(referral_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1732:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(referral_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1735:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(referral_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1739:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(referral_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1744:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(referral_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1833:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset = sprintf(deny_string,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1837:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(deny_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1839:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(deny_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1842:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(deny_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1845:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(deny_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1919:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset = sprintf(authorize_string,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1924:16:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(authorize_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1931:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset = sprintf(authorize_string,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1936:16:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(authorize_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1942:16:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(authorize_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1946:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  offset += sprintf(authorize_string + offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:2342:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(subject,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:2742:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(*base_url,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3820:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(url, "%s%s", url_base, proto->uri);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4602:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4607:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4649:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf((char *) cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4654:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(cmd + strlen(cmd),
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4681:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf((char *) cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4686:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4691:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4696:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4699:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4740:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf((char *) cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4744:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf((char *) cmd + strlen(cmd),
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4771:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf((char *) cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4776:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4781:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4786:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4789:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmd,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:5008:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if(sscanf((char *) proto->response_buffer + proto->parsed_offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:5219:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *) new_ptr,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_request.c:832:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_GTSL("removing from list\n"));
data/globus-gass-transfer-9.1/library/globus_gass_transfer_attribute.c:1352:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_attribute.c:1402:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_attribute.c:1445:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_attribute.c:1496:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:2624:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[MAXHOSTNAMELEN];
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hex[3];
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4539:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hex, "%2x", (unsigned int) *(tmp_in++));
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:5560:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(proto->user_buffer + proto->user_offset,
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:320:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_proto->iov[0].iov_len = strlen((char *) new_proto->iov[0].iov_base);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:904:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  response_len += strlen(GLOBUS_L_GENERIC_RESPONSE);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:906:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  response_len += strlen(GLOBUS_L_OK);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:922:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(response),
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1078:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  response_len += strlen(GLOBUS_L_GENERIC_RESPONSE);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1080:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  response_len += strlen(GLOBUS_L_OK);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1096:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(response),
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1691:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  referral_count += strlen(GLOBUS_L_REFER_RESPONSE);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1692:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  referral_count += strlen(GLOBUS_L_LOCATION_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1694:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  referral_count += strlen(GLOBUS_L_CONTENT_LENGTH_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1696:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  referral_count += strlen(GLOBUS_L_HTML_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1698:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  referral_count += strlen(referral.url[0]);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1700:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  body_count += strlen(GLOBUS_L_HTML_REFERRAL_BODY_HEAD);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1701:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  body_count += strlen(GLOBUS_L_HTML_REFERRAL_BODY_TAIL);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1704:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  body_count += strlen(GLOBUS_L_HTML_HREF);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1705:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  body_count += strlen(referral.url[i]);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1706:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  body_count += strlen(referral.url[i]);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1756:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(referral_string),
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1810:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  deny_count += strlen(GLOBUS_L_DENIAL_RESPONSE);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1812:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  deny_count += strlen(message);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1813:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  deny_count += strlen(GLOBUS_L_CONTENT_LENGTH_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1814:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  deny_count += strlen(GLOBUS_L_HTML_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1817:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  body_count += strlen(GLOBUS_L_HTML_DENIAL_BODY);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1818:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  body_count += (strlen(message) * 3);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1861:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(deny_string),
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1905:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  authorize_count += strlen(GLOBUS_L_CONTENT_LENGTH_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1910:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  authorize_count += strlen(GLOBUS_L_GENERIC_RESPONSE);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1912:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  authorize_count += strlen(GLOBUS_L_OK);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1917:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  authorize_count += strlen(GLOBUS_L_TEXT_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1929:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  authorize_count += strlen(GLOBUS_L_BINARY_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:1967:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(authorize_string),
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:2339:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subject = globus_malloc(strlen(proto->url.host) +
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:2340:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen("/CN=")
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:2739:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  url_size += strlen(hostname);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:2903:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(cmd) * sizeof(char),
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3315:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncasecmp(tmp, "chunked", strlen("chunked")) == 0)
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3317:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strnicmp(tmp, "chunked", strlen("chunked")) == 0)
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3784:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_L_APPEND_URI)) == 0)
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3789:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  append_len = strlen(GLOBUS_L_APPEND_URI);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3790:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uri_len = strlen(proto->uri) - strlen(GLOBUS_L_APPEND_URI);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3790:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uri_len = strlen(proto->uri) - strlen(GLOBUS_L_APPEND_URI);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3807:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(proto->uri, "https://", strlen("https://")) == 0 ||
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3808:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncmp(proto->uri, "http://", strlen("http://")) == 0)
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3819:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  url = globus_malloc(strlen(url_base) + strlen(proto->uri) + 1);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3819:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  url = globus_malloc(strlen(url_base) + strlen(proto->uri) + 1);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3844:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncasecmp(tmp, "chunked", strlen("chunked")) == 0)
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:3846:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strnicmp(tmp, "chunked", strlen("chunked")) == 0)
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4525:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_url = globus_libc_malloc(strlen((char *) url)*3+1);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4566:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(proto->url.host); /* Required for http/1.1*/
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4576:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(url);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4586:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(url);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4592:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_GET_COMMAND);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4614:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_PUT_COMMAND);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4619:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_TEXT_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4623:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_BINARY_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4639:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_CONTENT_LENGTH_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4654:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(cmd + strlen(cmd),
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4660:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_CHUNKED_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4673:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  proto->iov[3].iov_len = strlen("0" CRLF CRLF);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4705:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_APPEND_COMMAND);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4710:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_TEXT_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4714:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_BINARY_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4730:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_CONTENT_LENGTH_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4744:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf((char *) cmd + strlen(cmd),
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:4750:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_len += strlen(GLOBUS_L_CHUNKED_HEADER);
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:5214:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(value) +
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:5215:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(new_value) + 2) *
data/globus-gass-transfer-9.1/library/globus_gass_transfer_http.c:5217:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat((char *) new_ptr,

ANALYSIS SUMMARY:

Hits = 129
Lines analyzed = 15658 in approximately 0.29 seconds (53403 lines/second)
Physical Source Lines of Code (SLOC) = 10105
Hits@level = [0]   1 [1]  68 [2]   8 [3]   0 [4]  53 [5]   0
Hits@level+ = [0+] 130 [1+] 129 [2+]  61 [3+]  53 [4+]  53 [5+]   0
Hits/KSLOC@level+ = [0+] 12.8649 [1+] 12.766 [2+] 6.03662 [3+] 5.24493 [4+] 5.24493 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.