Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnarwl-3.6.dfsg/src/util.h
Examining data/gnarwl-3.6.dfsg/src/mailhandler.h
Examining data/gnarwl-3.6.dfsg/src/dbaccess.h
Examining data/gnarwl-3.6.dfsg/src/util.c
Examining data/gnarwl-3.6.dfsg/src/config.h
Examining data/gnarwl-3.6.dfsg/src/config.c
Examining data/gnarwl-3.6.dfsg/src/gnarwl.c
Examining data/gnarwl-3.6.dfsg/src/mailhandler.c
Examining data/gnarwl-3.6.dfsg/src/dbaccess.c
Examining data/gnarwl-3.6.dfsg/src/damnit.c
Examining data/gnarwl-3.6.dfsg/static.h
FINAL RESULTS:
data/gnarwl-3.6.dfsg/src/damnit.c:62:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(tmp,(int)val);
data/gnarwl-3.6.dfsg/src/dbaccess.c:74:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname,cfg.dbdir);
data/gnarwl-3.6.dfsg/src/dbaccess.c:76:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname,me);
data/gnarwl-3.6.dfsg/src/dbaccess.c:113:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname,cfg.dbdir);
data/gnarwl-3.6.dfsg/src/dbaccess.c:115:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname,me);
data/gnarwl-3.6.dfsg/src/dbaccess.c:280:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(retbuf[i],header);
data/gnarwl-3.6.dfsg/src/dbaccess.c:281:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(retbuf[i],entry[0]);
data/gnarwl-3.6.dfsg/src/dbaccess.c:282:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(retbuf[i],footer);
data/gnarwl-3.6.dfsg/src/mailhandler.c:147:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bbuf,ibuf+sizeof(char));
data/gnarwl-3.6.dfsg/src/mailhandler.c:244:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp,cfg.mta);
data/gnarwl-3.6.dfsg/src/mailhandler.c:246:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp,cfg.mta_opts);
data/gnarwl-3.6.dfsg/src/mailhandler.c:251:11: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(void)execv(cfg.mta,splitString(tmp,-1,' '));
data/gnarwl-3.6.dfsg/src/util.c:56:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp+x,r);
data/gnarwl-3.6.dfsg/src/util.c:57:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp+strlen(tmp),tmp2+x+strlen(s));
data/gnarwl-3.6.dfsg/src/util.c:61:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2,tmp);
data/gnarwl-3.6.dfsg/src/util.c:152:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,*d);
data/gnarwl-3.6.dfsg/src/util.c:180:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*dest,src);
data/gnarwl-3.6.dfsg/src/damnit.c:165:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "hnf:l:a:d:")) != EOF) {
data/gnarwl-3.6.dfsg/src/dbaccess.c:154:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/gnarwl-3.6.dfsg/src/gnarwl.c:67:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "hc:a:s:")) != EOF) {
data/gnarwl-3.6.dfsg/src/config.c:92:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg.starttls = atoi(val);
data/gnarwl-3.6.dfsg/src/config.c:100:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg.port=atoi(val);
data/gnarwl-3.6.dfsg/src/config.c:138:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg.dbexp=atoi(val);
data/gnarwl-3.6.dfsg/src/config.c:170:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg.maxmail=atoi(val);
data/gnarwl-3.6.dfsg/src/config.c:175:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg.maxheader=atoi(val)+2;
data/gnarwl-3.6.dfsg/src/config.c:179:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbose=atoi(val);
data/gnarwl-3.6.dfsg/src/config.c:188:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch(atoi(val)) {
data/gnarwl-3.6.dfsg/src/config.c:242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXLINE];
data/gnarwl-3.6.dfsg/src/config.c:247:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr=fopen(cfile,"r");
data/gnarwl-3.6.dfsg/src/config.c:266:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp,cfg.macro_attr,sizeof(char**)*pos);
data/gnarwl-3.6.dfsg/src/damnit.c:119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val.dptr,&t,sizeof(t));
data/gnarwl-3.6.dfsg/src/damnit.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXLINE];
data/gnarwl-3.6.dfsg/src/dbaccess.c:129:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.dptr,&ret,sizeof(ret));
data/gnarwl-3.6.dfsg/src/mailhandler.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[MAXLINE]; // "inputbuffer"
data/gnarwl-3.6.dfsg/src/util.c:108:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp,str+y*sizeof(char),(size_t)x-y);
data/gnarwl-3.6.dfsg/src/util.c:121:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open(fname,O_RDONLY);
data/gnarwl-3.6.dfsg/src/config.c:254:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0';
data/gnarwl-3.6.dfsg/src/config.c:254:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0';
data/gnarwl-3.6.dfsg/src/config.h:34:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int umask; // file creation mask for db files
data/gnarwl-3.6.dfsg/src/damnit.c:47:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tmp2[strlen(tmp2)-1]=='\n') tmp2[strlen(tmp2)-1]='\0';
data/gnarwl-3.6.dfsg/src/damnit.c:47:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tmp2[strlen(tmp2)-1]=='\n') tmp2[strlen(tmp2)-1]='\0';
data/gnarwl-3.6.dfsg/src/damnit.c:113:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.dsize=strlen(entry)+1;
data/gnarwl-3.6.dfsg/src/damnit.c:141:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.dsize=strlen(entry)+1;
data/gnarwl-3.6.dfsg/src/damnit.c:179:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0';
data/gnarwl-3.6.dfsg/src/damnit.c:179:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0';
data/gnarwl-3.6.dfsg/src/damnit.c:189:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0';
data/gnarwl-3.6.dfsg/src/damnit.c:189:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1]=='\n') buf[strlen(buf)-1]='\0';
data/gnarwl-3.6.dfsg/src/dbaccess.c:72:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname=(char*)calloc(strlen(me)+strlen(cfg.dbdir)+5,sizeof(char));
data/gnarwl-3.6.dfsg/src/dbaccess.c:72:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname=(char*)calloc(strlen(me)+strlen(cfg.dbdir)+5,sizeof(char));
data/gnarwl-3.6.dfsg/src/dbaccess.c:75:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fname[strlen(fname)-1]!='/') fname[strlen(fname)]='/';
data/gnarwl-3.6.dfsg/src/dbaccess.c:75:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fname[strlen(fname)-1]!='/') fname[strlen(fname)]='/';
data/gnarwl-3.6.dfsg/src/dbaccess.c:86:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.dsize=(int)strlen(she)+1;
data/gnarwl-3.6.dfsg/src/dbaccess.c:111:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname=(char*)calloc(strlen(me)+strlen(cfg.dbdir)+5,sizeof(char));
data/gnarwl-3.6.dfsg/src/dbaccess.c:111:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname=(char*)calloc(strlen(me)+strlen(cfg.dbdir)+5,sizeof(char));
data/gnarwl-3.6.dfsg/src/dbaccess.c:114:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fname[strlen(fname)-1]!='/') fname[strlen(fname)]='/';
data/gnarwl-3.6.dfsg/src/dbaccess.c:114:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fname[strlen(fname)-1]!='/') fname[strlen(fname)]='/';
data/gnarwl-3.6.dfsg/src/dbaccess.c:125:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.dsize=strlen(he)+1;
data/gnarwl-3.6.dfsg/src/dbaccess.c:151:36: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
dbf=gdbm_open(fname,0,mode,cfg.umask,NULL);
data/gnarwl-3.6.dfsg/src/dbaccess.c:173:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.dsize=(int)strlen(key.dptr)+1;
data/gnarwl-3.6.dfsg/src/dbaccess.c:277:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retbuf[i]=(char*)malloc((strlen(header)+strlen(footer)+strlen(entry[0])+5)*sizeof(char));
data/gnarwl-3.6.dfsg/src/dbaccess.c:277:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retbuf[i]=(char*)malloc((strlen(header)+strlen(footer)+strlen(entry[0])+5)*sizeof(char));
data/gnarwl-3.6.dfsg/src/dbaccess.c:277:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retbuf[i]=(char*)malloc((strlen(header)+strlen(footer)+strlen(entry[0])+5)*sizeof(char));
data/gnarwl-3.6.dfsg/src/mailhandler.c:74:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tmp[1][0]==' ') memmove(tmp[1],tmp[1]+sizeof(char),strlen(tmp[1]));
data/gnarwl-3.6.dfsg/src/mailhandler.c:138:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ibuf[strlen(ibuf)-1]='\0';
data/gnarwl-3.6.dfsg/src/mailhandler.c:145:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbuf=(char*)realloc(bbuf,(strlen(bbuf)+strlen(ibuf)+1)*sizeof(char));
data/gnarwl-3.6.dfsg/src/mailhandler.c:145:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbuf=(char*)realloc(bbuf,(strlen(bbuf)+strlen(ibuf)+1)*sizeof(char));
data/gnarwl-3.6.dfsg/src/mailhandler.c:242:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=(char*)calloc((strlen(cfg.mta)+strlen(cfg.mta_opts)+4),sizeof(char));
data/gnarwl-3.6.dfsg/src/mailhandler.c:242:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=(char*)calloc((strlen(cfg.mta)+strlen(cfg.mta_opts)+4),sizeof(char));
data/gnarwl-3.6.dfsg/src/mailhandler.c:245:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(cfg.mta)]=' ';
data/gnarwl-3.6.dfsg/src/util.c:40:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(x=0;x<(int)strlen(r);x++) {
data/gnarwl-3.6.dfsg/src/util.c:48:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl=strlen(tmp2);
data/gnarwl-3.6.dfsg/src/util.c:51:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncasecmp(tmp2+x,s,strlen(s))) {
data/gnarwl-3.6.dfsg/src/util.c:52:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ns=sl+strlen(r)-strlen(s)+1;
data/gnarwl-3.6.dfsg/src/util.c:52:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ns=sl+strlen(r)-strlen(s)+1;
data/gnarwl-3.6.dfsg/src/util.c:55:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp,tmp2,x);
data/gnarwl-3.6.dfsg/src/util.c:57:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(tmp+strlen(tmp),tmp2+x+strlen(s));
data/gnarwl-3.6.dfsg/src/util.c:57:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(tmp+strlen(tmp),tmp2+x+strlen(s));
data/gnarwl-3.6.dfsg/src/util.c:59:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp2=(char*)calloc(strlen(tmp)+1,sizeof(char));
data/gnarwl-3.6.dfsg/src/util.c:62:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl=strlen(tmp2);
data/gnarwl-3.6.dfsg/src/util.c:86:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(x=0;x<(int)strlen(str);x++) {
data/gnarwl-3.6.dfsg/src/util.c:87:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(str[x]==delim && x<(int)strlen(str)) x++;
data/gnarwl-3.6.dfsg/src/util.c:88:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(str[x]!=delim && x<(int)strlen(str)) x++;
data/gnarwl-3.6.dfsg/src/util.c:97:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(str);
data/gnarwl-3.6.dfsg/src/util.c:135:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fs.st_size!=read(fd,buf,(size_t)fs.st_size)) {
data/gnarwl-3.6.dfsg/src/util.c:150:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s=(char*)calloc(strlen(*d)+1,sizeof(char));
data/gnarwl-3.6.dfsg/src/util.c:154:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(m=0;m<(int)strlen(s);m++) if (s[m]=='<') { l=m+1; break; }
data/gnarwl-3.6.dfsg/src/util.c:155:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(m=strlen(s);m>=0;m--) if (s[m]=='>') { r=m-1; break; }
data/gnarwl-3.6.dfsg/src/util.c:157:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(m=0;m<(int)strlen(s);m++) {
data/gnarwl-3.6.dfsg/src/util.c:172:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(m=0;m<(int)strlen(tmp[0]);m++) tmp[0][m]=(char)tolower(tmp[0][m]);
data/gnarwl-3.6.dfsg/src/util.c:178:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*dest=(char*)malloc((strlen(src)+1)*sizeof(char));
data/gnarwl-3.6.dfsg/src/util.c:200:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inlen=strlen(in);
ANALYSIS SUMMARY:
Hits = 91
Lines analyzed = 1683 in approximately 0.10 seconds (16618 lines/second)
Physical Source Lines of Code (SLOC) = 1178
Hits@level = [0] 38 [1] 55 [2] 16 [3] 3 [4] 17 [5] 0
Hits@level+ = [0+] 129 [1+] 91 [2+] 36 [3+] 20 [4+] 17 [5+] 0
Hits/KSLOC@level+ = [0+] 109.508 [1+] 77.2496 [2+] 30.5603 [3+] 16.9779 [4+] 14.4312 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.