Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/gnarwl-3.6.dfsg/src/util.h Examining data/gnarwl-3.6.dfsg/src/mailhandler.h Examining data/gnarwl-3.6.dfsg/src/dbaccess.h Examining data/gnarwl-3.6.dfsg/src/util.c Examining data/gnarwl-3.6.dfsg/src/config.h Examining data/gnarwl-3.6.dfsg/src/config.c Examining data/gnarwl-3.6.dfsg/src/gnarwl.c Examining data/gnarwl-3.6.dfsg/src/mailhandler.c Examining data/gnarwl-3.6.dfsg/src/dbaccess.c Examining data/gnarwl-3.6.dfsg/src/damnit.c Examining data/gnarwl-3.6.dfsg/static.h FINAL RESULTS: data/gnarwl-3.6.dfsg/src/damnit.c:62:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(tmp,(int)val); data/gnarwl-3.6.dfsg/src/dbaccess.c:74:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname,cfg.dbdir); data/gnarwl-3.6.dfsg/src/dbaccess.c:76:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fname,me); data/gnarwl-3.6.dfsg/src/dbaccess.c:113:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname,cfg.dbdir); data/gnarwl-3.6.dfsg/src/dbaccess.c:115:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fname,me); data/gnarwl-3.6.dfsg/src/dbaccess.c:280:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(retbuf[i],header); data/gnarwl-3.6.dfsg/src/dbaccess.c:281:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(retbuf[i],entry[0]); data/gnarwl-3.6.dfsg/src/dbaccess.c:282:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(retbuf[i],footer); data/gnarwl-3.6.dfsg/src/mailhandler.c:147:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bbuf,ibuf+sizeof(char)); data/gnarwl-3.6.dfsg/src/mailhandler.c:244:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp,cfg.mta); data/gnarwl-3.6.dfsg/src/mailhandler.c:246:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp,cfg.mta_opts); data/gnarwl-3.6.dfsg/src/mailhandler.c:251:11: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void)execv(cfg.mta,splitString(tmp,-1,' ')); data/gnarwl-3.6.dfsg/src/util.c:56:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp+x,r); data/gnarwl-3.6.dfsg/src/util.c:57:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp+strlen(tmp),tmp2+x+strlen(s)); data/gnarwl-3.6.dfsg/src/util.c:61:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp2,tmp); data/gnarwl-3.6.dfsg/src/util.c:152:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s,*d); data/gnarwl-3.6.dfsg/src/util.c:180:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*dest,src); data/gnarwl-3.6.dfsg/src/damnit.c:165:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "hnf:l:a:d:")) != EOF) { data/gnarwl-3.6.dfsg/src/dbaccess.c:154:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/gnarwl-3.6.dfsg/src/gnarwl.c:67:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "hc:a:s:")) != EOF) { data/gnarwl-3.6.dfsg/src/config.c:92:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cfg.starttls = atoi(val); data/gnarwl-3.6.dfsg/src/config.c:100:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cfg.port=atoi(val); data/gnarwl-3.6.dfsg/src/config.c:138:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cfg.dbexp=atoi(val); data/gnarwl-3.6.dfsg/src/config.c:170:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cfg.maxmail=atoi(val); data/gnarwl-3.6.dfsg/src/config.c:175:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cfg.maxheader=atoi(val)+2; data/gnarwl-3.6.dfsg/src/config.c:179:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). verbose=atoi(val); data/gnarwl-3.6.dfsg/src/config.c:188:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch(atoi(val)) { data/gnarwl-3.6.dfsg/src/config.c:242:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXLINE]; data/gnarwl-3.6.dfsg/src/config.c:247:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fptr=fopen(cfile,"r"); data/gnarwl-3.6.dfsg/src/config.c:266:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp,cfg.macro_attr,sizeof(char**)*pos); data/gnarwl-3.6.dfsg/src/damnit.c:119:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val.dptr,&t,sizeof(t)); data/gnarwl-3.6.dfsg/src/damnit.c:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXLINE]; data/gnarwl-3.6.dfsg/src/dbaccess.c:129:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data.dptr,&ret,sizeof(ret)); data/gnarwl-3.6.dfsg/src/mailhandler.c:132:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ibuf[MAXLINE]; // "inputbuffer" data/gnarwl-3.6.dfsg/src/util.c:108:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp,str+y*sizeof(char),(size_t)x-y); data/gnarwl-3.6.dfsg/src/util.c:121:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=open(fname,O_RDONLY); data/gnarwl-3.6.dfsg/src/config.c:254:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0'; data/gnarwl-3.6.dfsg/src/config.c:254:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0'; data/gnarwl-3.6.dfsg/src/config.h:34:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). int umask; // file creation mask for db files data/gnarwl-3.6.dfsg/src/damnit.c:47:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tmp2[strlen(tmp2)-1]=='\n') tmp2[strlen(tmp2)-1]='\0'; data/gnarwl-3.6.dfsg/src/damnit.c:47:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tmp2[strlen(tmp2)-1]=='\n') tmp2[strlen(tmp2)-1]='\0'; data/gnarwl-3.6.dfsg/src/damnit.c:113:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key.dsize=strlen(entry)+1; data/gnarwl-3.6.dfsg/src/damnit.c:141:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key.dsize=strlen(entry)+1; data/gnarwl-3.6.dfsg/src/damnit.c:179:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0'; data/gnarwl-3.6.dfsg/src/damnit.c:179:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0'; data/gnarwl-3.6.dfsg/src/damnit.c:189:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0'; data/gnarwl-3.6.dfsg/src/damnit.c:189:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0'; data/gnarwl-3.6.dfsg/src/dbaccess.c:72:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fname=(char*)calloc(strlen(me)+strlen(cfg.dbdir)+5,sizeof(char)); data/gnarwl-3.6.dfsg/src/dbaccess.c:72:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fname=(char*)calloc(strlen(me)+strlen(cfg.dbdir)+5,sizeof(char)); data/gnarwl-3.6.dfsg/src/dbaccess.c:75:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fname[strlen(fname)-1]!='/') fname[strlen(fname)]='/'; data/gnarwl-3.6.dfsg/src/dbaccess.c:75:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fname[strlen(fname)-1]!='/') fname[strlen(fname)]='/'; data/gnarwl-3.6.dfsg/src/dbaccess.c:86:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key.dsize=(int)strlen(she)+1; data/gnarwl-3.6.dfsg/src/dbaccess.c:111:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fname=(char*)calloc(strlen(me)+strlen(cfg.dbdir)+5,sizeof(char)); data/gnarwl-3.6.dfsg/src/dbaccess.c:111:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fname=(char*)calloc(strlen(me)+strlen(cfg.dbdir)+5,sizeof(char)); data/gnarwl-3.6.dfsg/src/dbaccess.c:114:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fname[strlen(fname)-1]!='/') fname[strlen(fname)]='/'; data/gnarwl-3.6.dfsg/src/dbaccess.c:114:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fname[strlen(fname)-1]!='/') fname[strlen(fname)]='/'; data/gnarwl-3.6.dfsg/src/dbaccess.c:125:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key.dsize=strlen(he)+1; data/gnarwl-3.6.dfsg/src/dbaccess.c:151:36: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). dbf=gdbm_open(fname,0,mode,cfg.umask,NULL); data/gnarwl-3.6.dfsg/src/dbaccess.c:173:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key.dsize=(int)strlen(key.dptr)+1; data/gnarwl-3.6.dfsg/src/dbaccess.c:277:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retbuf[i]=(char*)malloc((strlen(header)+strlen(footer)+strlen(entry[0])+5)*sizeof(char)); data/gnarwl-3.6.dfsg/src/dbaccess.c:277:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retbuf[i]=(char*)malloc((strlen(header)+strlen(footer)+strlen(entry[0])+5)*sizeof(char)); data/gnarwl-3.6.dfsg/src/dbaccess.c:277:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retbuf[i]=(char*)malloc((strlen(header)+strlen(footer)+strlen(entry[0])+5)*sizeof(char)); data/gnarwl-3.6.dfsg/src/mailhandler.c:74:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tmp[1][0]==' ') memmove(tmp[1],tmp[1]+sizeof(char),strlen(tmp[1])); data/gnarwl-3.6.dfsg/src/mailhandler.c:138:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ibuf[strlen(ibuf)-1]='\0'; data/gnarwl-3.6.dfsg/src/mailhandler.c:145:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bbuf=(char*)realloc(bbuf,(strlen(bbuf)+strlen(ibuf)+1)*sizeof(char)); data/gnarwl-3.6.dfsg/src/mailhandler.c:145:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bbuf=(char*)realloc(bbuf,(strlen(bbuf)+strlen(ibuf)+1)*sizeof(char)); data/gnarwl-3.6.dfsg/src/mailhandler.c:242:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=(char*)calloc((strlen(cfg.mta)+strlen(cfg.mta_opts)+4),sizeof(char)); data/gnarwl-3.6.dfsg/src/mailhandler.c:242:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=(char*)calloc((strlen(cfg.mta)+strlen(cfg.mta_opts)+4),sizeof(char)); data/gnarwl-3.6.dfsg/src/mailhandler.c:245:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[strlen(cfg.mta)]=' '; data/gnarwl-3.6.dfsg/src/util.c:40:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(x=0;x<(int)strlen(r);x++) { data/gnarwl-3.6.dfsg/src/util.c:48:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl=strlen(tmp2); data/gnarwl-3.6.dfsg/src/util.c:51:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(tmp2+x,s,strlen(s))) { data/gnarwl-3.6.dfsg/src/util.c:52:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ns=sl+strlen(r)-strlen(s)+1; data/gnarwl-3.6.dfsg/src/util.c:52:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ns=sl+strlen(r)-strlen(s)+1; data/gnarwl-3.6.dfsg/src/util.c:55:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp,tmp2,x); data/gnarwl-3.6.dfsg/src/util.c:57:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(tmp+strlen(tmp),tmp2+x+strlen(s)); data/gnarwl-3.6.dfsg/src/util.c:57:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(tmp+strlen(tmp),tmp2+x+strlen(s)); data/gnarwl-3.6.dfsg/src/util.c:59:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp2=(char*)calloc(strlen(tmp)+1,sizeof(char)); data/gnarwl-3.6.dfsg/src/util.c:62:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl=strlen(tmp2); data/gnarwl-3.6.dfsg/src/util.c:86:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(x=0;x<(int)strlen(str);x++) { data/gnarwl-3.6.dfsg/src/util.c:87:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while(str[x]==delim && x<(int)strlen(str)) x++; data/gnarwl-3.6.dfsg/src/util.c:88:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while(str[x]!=delim && x<(int)strlen(str)) x++; data/gnarwl-3.6.dfsg/src/util.c:97:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len=strlen(str); data/gnarwl-3.6.dfsg/src/util.c:135:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fs.st_size!=read(fd,buf,(size_t)fs.st_size)) { data/gnarwl-3.6.dfsg/src/util.c:150:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s=(char*)calloc(strlen(*d)+1,sizeof(char)); data/gnarwl-3.6.dfsg/src/util.c:154:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(m=0;m<(int)strlen(s);m++) if (s[m]=='<') { l=m+1; break; } data/gnarwl-3.6.dfsg/src/util.c:155:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(m=strlen(s);m>=0;m--) if (s[m]=='>') { r=m-1; break; } data/gnarwl-3.6.dfsg/src/util.c:157:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(m=0;m<(int)strlen(s);m++) { data/gnarwl-3.6.dfsg/src/util.c:172:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(m=0;m<(int)strlen(tmp[0]);m++) tmp[0][m]=(char)tolower(tmp[0][m]); data/gnarwl-3.6.dfsg/src/util.c:178:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *dest=(char*)malloc((strlen(src)+1)*sizeof(char)); data/gnarwl-3.6.dfsg/src/util.c:200:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inlen=strlen(in); ANALYSIS SUMMARY: Hits = 91 Lines analyzed = 1683 in approximately 0.10 seconds (16618 lines/second) Physical Source Lines of Code (SLOC) = 1178 Hits@level = [0] 38 [1] 55 [2] 16 [3] 3 [4] 17 [5] 0 Hits@level+ = [0+] 129 [1+] 91 [2+] 36 [3+] 20 [4+] 17 [5+] 0 Hits/KSLOC@level+ = [0+] 109.508 [1+] 77.2496 [2+] 30.5603 [3+] 16.9779 [4+] 14.4312 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.