Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/bit_reader.c
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/bit_reader.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/context.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.c
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/dictionary.c
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/dictionary.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/huffman.c
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/huffman.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/port.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/prefix.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/state.c
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/state.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/transform.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/dec/types.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/backward_references.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/backward_references.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/bit_cost.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/block_splitter.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/block_splitter.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/brotli_bit_stream.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/brotli_bit_stream.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/cluster.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/command.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/context.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/dictionary.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/dictionary.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/dictionary_hash.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode_parallel.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode_parallel.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/entropy_encode.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/entropy_encode.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/entropy_encode_static.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/fast_log.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/find_match_length.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/hash.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/histogram.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/histogram.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/literal_cost.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/literal_cost.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/metablock.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/metablock.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/port.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/prefix.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/ringbuffer.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/static_dict.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/static_dict.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/static_dict_lut.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/streams.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/streams.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/transform.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/types.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/utf8_util.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/utf8_util.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/enc/write_bits.h
Examining data/h2o-2.2.5+dfsg2/deps/brotli/python/brotlimodule.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/tools/bro.cc
Examining data/h2o-2.2.5+dfsg2/deps/brotli/tools/version.h
Examining data/h2o-2.2.5+dfsg2/deps/cloexec/cloexec.c
Examining data/h2o-2.2.5+dfsg2/deps/cloexec/cloexec.h
Examining data/h2o-2.2.5+dfsg2/deps/golombset/golombset.h
Examining data/h2o-2.2.5+dfsg2/deps/golombset/test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/bgzf.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/kbit.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/kbtree.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/kgraph.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/khash.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/khmm.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/khmm.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/klist.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/kmath.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/kmath.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/knetfile.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/knhx.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/knhx.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/kopen.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/ksa.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/kseq.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/kson.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/kson.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/ksort.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/kstring.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/kstring.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/ksw.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/ksw.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/kthread.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/kurl.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/kurl.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/kvec.h
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kbit_test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kbtree_test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kgraph_test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith2.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/khash_test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/klist_test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kmin_test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kseq_bench.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kseq_bench2.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kseq_test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench2.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kthread_test.c
Examining data/h2o-2.2.5+dfsg2/deps/klib/test/kvec_test.cc
Examining data/h2o-2.2.5+dfsg2/deps/libgkc/gkc.c
Examining data/h2o-2.2.5+dfsg2/deps/libgkc/gkc.h
Examining data/h2o-2.2.5+dfsg2/deps/libgkc/test.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/close.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/connect.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/counter.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/example/counter.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/example/memcache.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/recv.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/send_text.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/set_compression.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/socket.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/strerror.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/t/t.h
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/t/text.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/text_mode.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc-cnt.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/yrmcds.h
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/yrmcds_portability.h
Examining data/h2o-2.2.5+dfsg2/deps/libyrmcds/yrmcds_text.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby-dir/src/Win/dirent.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-dir/src/dir.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-dir/test/dirtest.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-errno/src/errno.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-file-stat/src/file-stat.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-file-stat/test/file-stat.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-iijson/src/json.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-iijson/test/testjson.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-input-stream/src/mruby_input_stream.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-input-stream/src/mruby_input_stream.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby-io/include/mruby/ext/io.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file_test.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-io/src/mruby_io_gem.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-io/test/mruby_io_test.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-onig-regexp/src/mruby_onig_regexp.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/examples/mrbgems/c_and_ruby_extension_example/src/example.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/examples/mrbgems/c_extension_example/src/example.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/examples/mrbgems/c_extension_example/test/example.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mrbconf.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/array.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/boxing_nan.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/boxing_no.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/boxing_word.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/class.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/common.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/compile.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/data.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/debug.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/dump.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/error.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/gc.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/hash.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/irep.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/istruct.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/khash.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/numeric.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/object.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/opcode.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/proc.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/range.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/re.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/string.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/throw.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/value.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/variable.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/version.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-array-ext/src/array.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apiprint.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apiprint.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdprint.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdrun.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdbconf.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdberror.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/mruby-strip.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-class-ext/src/class.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-compiler/core/codegen.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-compiler/core/node.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-error/src/exception.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-error/test/exception.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-eval/src/eval.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-exit/src/mruby-exit.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-fiber/src/fiber.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-hash-ext/src/hash-ext.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-inline-struct/test/inline.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-kernel-ext/src/kernel.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-math/src/math.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-numeric-ext/src/numeric_ext.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-object-ext/src/object.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-print/src/print.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-proc-ext/src/proc.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-proc-ext/test/proc.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/mt19937ar.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/mt19937ar.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-range-ext/src/range.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/kernel.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-string-ext/src/string.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-struct/src/struct.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-symbol-ext/src/symbol.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-test/driver.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-test/init_mrbtest.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-time/src/time.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/mrblib/init_mrblib.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/array.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/backtrace.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/class.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/codedump.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/compar.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/crc.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/debug.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/dump.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/enum.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/error.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/error.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/etc.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/fmt_fp.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/gc.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/hash.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/init.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/kernel.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/load.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/numeric.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/object.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/opcode.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/pool.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/print.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/proc.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/range.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/state.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/symbol.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/value_array.h
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/variable.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/version.c
Examining data/h2o-2.2.5+dfsg2/deps/mruby/src/vm.c
Examining data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c
Examining data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.h
Examining data/h2o-2.2.5+dfsg2/deps/neverbleed/test.c
Examining data/h2o-2.2.5+dfsg2/deps/picohttpparser/bench.c
Examining data/h2o-2.2.5+dfsg2/deps/picohttpparser/picohttpparser.c
Examining data/h2o-2.2.5+dfsg2/deps/picohttpparser/picohttpparser.h
Examining data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c
Examining data/h2o-2.2.5+dfsg2/deps/picotest/picotest.c
Examining data/h2o-2.2.5+dfsg2/deps/picotest/picotest.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/extra_vecs/openssl-hash.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/shitlisp/sl-cifra.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/aes.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/aes.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/boot.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/ext/cutest.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/main.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/semihost.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/semihost.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/unacl/scalarmult.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/bitops.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/blockwise.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/blockwise.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/cbcmac.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ccm.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/cf_config.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20poly1305.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20poly1305.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chash.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chash.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/cmac.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.naclref.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.tweetnacl.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/drbg.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/drbg.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/eax.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/cutest.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/handy.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/gcm.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/gf128.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/gf128.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/hmac.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/hmac.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/modes.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/modes.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/norx.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/norx.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ocb.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/pbkdf2.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/pbkdf2.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/poly1305.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/poly1305.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/prp.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/salsa20.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/salsa20.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha1.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha1.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha2.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha256.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha3.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha3.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha512.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/tassert.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testaes.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testchacha20poly1305.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testcurve25519.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testdrbg.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testmodes.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testnorx.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testpoly1305.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsalsa20.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha1.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha2.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha3.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testutil.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/test/test_compress.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/test/test_compute.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/test/test_ecdh.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/test/test_ecdsa.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/types.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC_vli.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/include/picotls.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/include/picotls/asn1.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/include/picotls/minicrypto.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/include/picotls/openssl.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/include/picotls/pembase64.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/lib/asn1.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/lib/cifra.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/lib/minicrypto-pem.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/lib/openssl.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/lib/pembase64.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/lib/uecc.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/picotlsvs/picotls/targetver.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/picotlsvs/picotls/wincompat.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/picotlsvs/picotls/wintimeofday.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/picotlsvs/picotlsvs/picotlsvs.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/picotlsvs/picotlsvs/targetver.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/t/cli.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/t/minicrypto.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/t/openssl.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c
Examining data/h2o-2.2.5+dfsg2/deps/picotls/t/test.h
Examining data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h
Examining data/h2o-2.2.5+dfsg2/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinning/ISPCertificatePinning.h
Examining data/h2o-2.2.5+dfsg2/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinning/ISPPinnedNSURLConnectionDelegate.h
Examining data/h2o-2.2.5+dfsg2/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinning/ISPPinnedNSURLSessionDelegate.h
Examining data/h2o-2.2.5+dfsg2/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.h
Examining data/h2o-2.2.5+dfsg2/deps/ssl-conservatory/openssl/openssl_hostname_validation.c
Examining data/h2o-2.2.5+dfsg2/deps/ssl-conservatory/openssl/openssl_hostname_validation.h
Examining data/h2o-2.2.5+dfsg2/deps/ssl-conservatory/openssl/test_client.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/include/yaml.h
Examining data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/src/dumper.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/src/loader.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/src/parser.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/src/reader.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/src/scanner.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/src/writer.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/src/yaml_private.h
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/example-deconstructor-alt.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/example-deconstructor.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/example-reformatter-alt.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/example-reformatter.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-dumper.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-emitter.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-loader.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-parser.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-scanner.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/test-reader.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/tests/test-version.c
Examining data/h2o-2.2.5+dfsg2/deps/yaml/win32/config.h
Examining data/h2o-2.2.5+dfsg2/deps/yoml/test-yoml.c
Examining data/h2o-2.2.5+dfsg2/deps/yoml/yoml-parser.h
Examining data/h2o-2.2.5+dfsg2/deps/yoml/yoml.h
Examining data/h2o-2.2.5+dfsg2/examples/libh2o/http1client.c
Examining data/h2o-2.2.5+dfsg2/examples/libh2o/latency-optimization.c
Examining data/h2o-2.2.5+dfsg2/examples/libh2o/simple.c
Examining data/h2o-2.2.5+dfsg2/examples/libh2o/socket-client.c
Examining data/h2o-2.2.5+dfsg2/examples/libh2o/websocket.c
Examining data/h2o-2.2.5+dfsg2/fuzz/driver.cc
Examining data/h2o-2.2.5+dfsg2/fuzz/driver_url.cc
Examining data/h2o-2.2.5+dfsg2/include/h2o.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/cache.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/cache_digests.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/configurator.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/file.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/filecache.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/hostinfo.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/http1.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/http1client.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/http2.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/http2_casper.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/http2_scheduler.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/linklist.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/memcached.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/memory.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/mruby_.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/multithread.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/openssl_backport.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/rand.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/serverutil.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/socket.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/socket/evloop.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/socket/uv-binding.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/socketpool.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/string_.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/time_.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/timeout.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/token.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/tunnel.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/url.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/version.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/websocket.h
Examining data/h2o-2.2.5+dfsg2/include/h2o/http2_internal.h
Examining data/h2o-2.2.5+dfsg2/lib/common/cache.c
Examining data/h2o-2.2.5+dfsg2/lib/common/file.c
Examining data/h2o-2.2.5+dfsg2/lib/common/filecache.c
Examining data/h2o-2.2.5+dfsg2/lib/common/hostinfo.c
Examining data/h2o-2.2.5+dfsg2/lib/common/http1client.c
Examining data/h2o-2.2.5+dfsg2/lib/common/memcached.c
Examining data/h2o-2.2.5+dfsg2/lib/common/memory.c
Examining data/h2o-2.2.5+dfsg2/lib/common/multithread.c
Examining data/h2o-2.2.5+dfsg2/lib/common/serverutil.c
Examining data/h2o-2.2.5+dfsg2/lib/common/socket.c
Examining data/h2o-2.2.5+dfsg2/lib/common/socket/evloop.c.h
Examining data/h2o-2.2.5+dfsg2/lib/common/socket/evloop/epoll.c.h
Examining data/h2o-2.2.5+dfsg2/lib/common/socket/evloop/kqueue.c.h
Examining data/h2o-2.2.5+dfsg2/lib/common/socket/evloop/poll.c.h
Examining data/h2o-2.2.5+dfsg2/lib/common/socket/uv-binding.c.h
Examining data/h2o-2.2.5+dfsg2/lib/common/socketpool.c
Examining data/h2o-2.2.5+dfsg2/lib/common/string.c
Examining data/h2o-2.2.5+dfsg2/lib/common/time.c
Examining data/h2o-2.2.5+dfsg2/lib/common/timeout.c
Examining data/h2o-2.2.5+dfsg2/lib/common/url.c
Examining data/h2o-2.2.5+dfsg2/lib/core/config.c
Examining data/h2o-2.2.5+dfsg2/lib/core/configurator.c
Examining data/h2o-2.2.5+dfsg2/lib/core/context.c
Examining data/h2o-2.2.5+dfsg2/lib/core/headers.c
Examining data/h2o-2.2.5+dfsg2/lib/core/logconf.c
Examining data/h2o-2.2.5+dfsg2/lib/core/proxy.c
Examining data/h2o-2.2.5+dfsg2/lib/core/request.c
Examining data/h2o-2.2.5+dfsg2/lib/core/token.c
Examining data/h2o-2.2.5+dfsg2/lib/core/token_table.h
Examining data/h2o-2.2.5+dfsg2/lib/core/util.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/access_log.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/chunked.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/compress.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/compress/brotli.cc
Examining data/h2o-2.2.5+dfsg2/lib/handler/compress/gzip.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/access_log.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/compress.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/errordoc.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/expires.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/file.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/headers.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/headers_util.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/http2_debug_state.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/mruby.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/redirect.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/reproxy.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/status.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/throttle_resp.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/configurator/proxy.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/errordoc.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/expires.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/file.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/file/_templates.c.h
Examining data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h
Examining data/h2o-2.2.5+dfsg2/lib/handler/headers.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/headers_util.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/http2_debug_state.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/mimemap/defaults.c.h
Examining data/h2o-2.2.5+dfsg2/lib/handler/mruby.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/mruby/chunked.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/mruby/embedded.c.h
Examining data/h2o-2.2.5+dfsg2/lib/handler/mruby/http_request.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/proxy.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/redirect.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/reproxy.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/status.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/status/durations.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/status/events.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/status/requests.c
Examining data/h2o-2.2.5+dfsg2/lib/handler/throttle_resp.c
Examining data/h2o-2.2.5+dfsg2/lib/http1.c
Examining data/h2o-2.2.5+dfsg2/lib/http2/cache_digests.c
Examining data/h2o-2.2.5+dfsg2/lib/http2/casper.c
Examining data/h2o-2.2.5+dfsg2/lib/http2/frame.c
Examining data/h2o-2.2.5+dfsg2/lib/http2/hpack.c
Examining data/h2o-2.2.5+dfsg2/lib/http2/hpack_huffman_table.h
Examining data/h2o-2.2.5+dfsg2/lib/http2/hpack_static_table.h
Examining data/h2o-2.2.5+dfsg2/lib/http2/http2_debug_state.c
Examining data/h2o-2.2.5+dfsg2/lib/http2/scheduler.c
Examining data/h2o-2.2.5+dfsg2/lib/http2/stream.c
Examining data/h2o-2.2.5+dfsg2/lib/http2/connection.c
Examining data/h2o-2.2.5+dfsg2/lib/tunnel.c
Examining data/h2o-2.2.5+dfsg2/lib/websocket.c
Examining data/h2o-2.2.5+dfsg2/src/main.c
Examining data/h2o-2.2.5+dfsg2/src/setuidgid.c
Examining data/h2o-2.2.5+dfsg2/src/ssl.c
Examining data/h2o-2.2.5+dfsg2/src/standalone.h
Examining data/h2o-2.2.5+dfsg2/t/00unit/issues/293.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/issues/percent-encode-zero-byte.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/common/cache.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/common/hostinfo.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/common/multithread.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/common/serverutil.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/common/socket.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/common/string.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/common/time.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/common/url.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/core/headers.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/core/proxy.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/compress.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/fastcgi.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/headers.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/mimemap.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/redirect.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/cache_digests.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/casper.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/hpack.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/scheduler.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/src/ssl.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/test.c
Examining data/h2o-2.2.5+dfsg2/t/00unit/test.h
FINAL RESULTS:
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:42:23: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define CHMOD(a, b) chmod(a,b)
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:1162:13: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(daemon_vars.nb->sun_.sun_path, pw->pw_uid, pw->pw_gid) != 0)
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:1165:13: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(dir, pw->pw_uid, pw->pw_gid) != 0)
data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c:178:23: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (pw != NULL && chown(sa->sun_path, pw->pw_uid, pw->pw_gid) != 0) {
data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c:316:36: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (h2o_user_pw != NULL && chown(dirname, h2o_user_pw->pw_uid, h2o_user_pw->pw_gid) != 0) {
data/h2o-2.2.5+dfsg2/src/main.c:934:26: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (owner != NULL && chown(sa->sun_path, owner->pw_uid, owner->pw_gid) != 0) {
data/h2o-2.2.5+dfsg2/src/main.c:939:29: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (mode != UINT_MAX && chmod(sa->sun_path, mode) != 0) {
data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.c:49:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define BROTLI_LOG(x) printf x
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:311:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fp->retr, "RETR %s\r\n", p);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:313:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fp->size_cmd, "SIZE %s\r\n", p);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:412:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
l += sprintf(buf + l, "GET %s HTTP/1.0\r\nHost: %s\r\n", fp->path, fp->http_host);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:90:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
l += sprintf(buf + l, "GET %s HTTP/1.0\r\nHost: %s\r\n", path, http_host);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:165:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(retr, "RETR %s\r\n", p);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:277:6: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], argv);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:279:12: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} else execl("/bin/sh", "sh", "-c", p + 1, NULL);
data/h2o-2.2.5+dfsg2/deps/klib/kstring.c:13:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
l = vsnprintf(s->s + s->l, s->m - s->l, fmt, args); // This line does not work with glibc 2.0. See `man snprintf'.
data/h2o-2.2.5+dfsg2/deps/klib/kstring.c:20:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
l = vsnprintf(s->s + s->l, s->m - s->l, fmt, args);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:448:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcat(strcpy(path, home), "/.awssecret");
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc-cnt.c:263:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if( sscanf(argv[2], "%" PRIu32, &resources) != 1 ) {
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc-cnt.c:267:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if( sscanf(argv[3], "%" PRIu32, &initial) != 1 ) {
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc-cnt.c:278:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if( sscanf(argv[2], "%" PRIu32, &resources) != 1 ) {
data/h2o-2.2.5+dfsg2/deps/mruby-dir/src/Win/dirent.c:51:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strcpy(dir->name, name), all);
data/h2o-2.2.5+dfsg2/deps/mruby-dir/src/Win/dirent.c:51:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcat(strcpy(dir->name, name), all);
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:24:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, name);
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:37:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, name);
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:39:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, value);
data/h2o-2.2.5+dfsg2/deps/mruby-file-stat/test/file-stat.c:9:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(cmd);
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:167:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("/bin/sh", "sh", "-c", pname, (char *)NULL);
data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/value.h:80:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf(s, n, format, arg) mrb_msvc_vsnprintf(s, n, format, arg)
data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/value.h:81:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf(s, n, format, ...) mrb_msvc_snprintf(s, n, format, __VA_ARGS__)
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:55:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, dir);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:58:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, base);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:100:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file->path, filename);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:154:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(found_newline ? "%s\n" : "%s", buf);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:113:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_ERR_MSG_INVALIDBPNO, ps);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:118:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_ERR_MSG_NOBPNO, bpno);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:142:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_ERR_MSG_INVALIDSTR, args);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:162:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_INFO_MSG_LINEBREAK,
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:167:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_INFO_MSG_METHODBREAK_NOCLASS,
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:171:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_INFO_MSG_METHODBREAK,
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:229:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_ERR_MSG_NOBPNO_INFO, bpno);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:265:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_ERR_MSG_INVALIDSTR, args);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:292:11: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_ERR_MSG_INVALIDMETHOD, args);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:301:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_ERR_MSG_INVALIDMETHOD, body);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:311:11: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_ERR_MSG_INVALIDCLASS, args);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:350:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_SET_MSG_LINE, ret, file, line);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:353:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_SET_MSG_METHOD, ret, method);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:356:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_SET_MSG_CLASS_METHOD, ret, cname, method);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:362:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_ERR_MSG_INVALIDLINENO, line, file);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:365:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BREAK_ERR_MSG_INVALIDFILE, file);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c:261:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, ext);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:489:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_code_line, line);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:502:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ruby_code, last_code_line);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:508:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ruby_code, last_code_line);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:865:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(nbuf, sizeof(nbuf), "%" MRB_PRId, v);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:885:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(++s, sizeof(nbuf)-1, "%" MRB_PRIo, v);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:888:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(++s, sizeof(nbuf)-1, "%" MRB_PRIx, v);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:1062:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf(&buf[blen], need, fbuf, fval);
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:84:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:90:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2))) static void warnf(const char *fmt, ...)
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:99:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2), noreturn)) static void dief(const char *fmt, ...)
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:321:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + bytes_ready, encoded + bytes_to_consume - 1);
data/h2o-2.2.5+dfsg2/deps/picotest/picotest.c:41:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format (printf, 1, 2)))
data/h2o-2.2.5+dfsg2/deps/picotest/picotest.c:50:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, arg);
data/h2o-2.2.5+dfsg2/deps/picotest/picotest.c:56:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format (printf, 2, 3)))
data/h2o-2.2.5+dfsg2/deps/picotest/picotest.c:67:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, arg);
data/h2o-2.2.5+dfsg2/deps/picotest/picotest.h:29:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void note(const char *fmt, ...) __attribute__((format (printf, 1, 2)));
data/h2o-2.2.5+dfsg2/deps/picotest/picotest.h:30:65: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void _ok(int cond, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/cutest.h:149:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), fmt, args);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/cutest.h:232:14: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
n += vprintf(fmt, args);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/cutest.h:358:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:90:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PTLS_DEBUGF(...) fprintf(stderr, __VA_ARGS__)
data/h2o-2.2.5+dfsg2/deps/picotls/picotlsvs/picotlsvs/picotlsvs.c:16:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, argptr);
data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h:98:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(st.fn, fn);
data/h2o-2.2.5+dfsg2/deps/yaml/src/dumper.c:254:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf((char *)anchor, ANCHOR_TEMPLATE, anchor_id);
data/h2o-2.2.5+dfsg2/include/h2o.h:1495:104: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void h2o_req_log_error(h2o_req_t *req, const char *module, const char *fmt, ...) __attribute__((format(printf, 3, 4)));
data/h2o-2.2.5+dfsg2/include/h2o/configurator.h:148:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/h2o-2.2.5+dfsg2/include/h2o/configurator.h:157:27: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
__attribute__((format(scanf, 3, 4)));
data/h2o-2.2.5+dfsg2/lib/common/filecache.c:100:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ref->_path, path);
data/h2o-2.2.5+dfsg2/lib/common/memory.c:249:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpfn, inbuf->_prototype->mmap_settings->fn_template);
data/h2o-2.2.5+dfsg2/lib/common/serverutil.c:135:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newenv[num], "H2O_ROOT=" H2O_TO_STR(H2O_ROOT));
data/h2o-2.2.5+dfsg2/lib/common/serverutil.c:172:9: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(cmd, argv);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:849:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
size_t len = sprintf(s, "%" PRId16, (int16_t)bits);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:1211:41: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
session_cache_key.len = sprintf(session_cache_key.base, "%s:%" PRIu16, server_name, (uint16_t)port);
data/h2o-2.2.5+dfsg2/lib/common/socket/evloop/epoll.c.h:28:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_LOG(...) fprintf(stderr, __VA_ARGS__)
data/h2o-2.2.5+dfsg2/lib/common/socket/evloop/kqueue.c.h:29:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_LOG(...) fprintf(stderr, __VA_ARGS__)
data/h2o-2.2.5+dfsg2/lib/common/socket/evloop/poll.c.h:26:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_LOG(...) fprintf(stderr, __VA_ARGS__)
data/h2o-2.2.5+dfsg2/lib/common/socketpool.c:116:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(host, ((struct sockaddr_un *)sa)->sun_path);
data/h2o-2.2.5+dfsg2/lib/common/time.c:171:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int len = sprintf(buf, "%02d/%s/%d:%02d:%02d:%02d %c%02d%02d", localt.tm_mday,
data/h2o-2.2.5+dfsg2/lib/core/config.c:257:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(hostconf->authority.hostport.base, "[%s]:%" PRIu16, hostconf->authority.host.base, port);
data/h2o-2.2.5+dfsg2/lib/core/config.c:260:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(hostconf->authority.hostport.base, "%s:%" PRIu16, hostconf->authority.host.base, port);
data/h2o-2.2.5+dfsg2/lib/core/configurator.c:1028:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, reason, args);
data/h2o-2.2.5+dfsg2/lib/core/configurator.c:1041:17: [4] (buffer) vsscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscan_ret = vsscanf(node->data.scalar, fmt, args);
data/h2o-2.2.5+dfsg2/lib/core/configurator.c:1097:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_fullpath, "%s/%s", root, cmd);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:172:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errbuf, "failed to compile log format: unterminated header name starting at: \"%16s\"", pt);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:437:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pos += sprintf(pos, "%" PRIu16, (uint16_t)port);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:454:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pos += sprintf(pos, "%" PRId32, delta_sec); \
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:539:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pos += sprintf(pos, "%" PRIu64, (uint64_t)req->bytes_sent);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:585:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pos += sprintf(pos, "%" PRId32, (int32_t)(element->original_response ? req->res.original.status : req->res.status));
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:614:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pos += sprintf(pos, "%" PRIu32, (uint32_t)req->processed_at.at.tv_sec);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:620:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pos += sprintf(pos, "%" PRIu64,
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:628:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(pos, "%" PRIu64, (uint64_t)req->processed_at.at.tv_sec * 1000000 + (uint64_t)req->processed_at.at.tv_usec);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:709:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
pos += sprintf(pos, "%" PRIu64, req->conn->id);
data/h2o-2.2.5+dfsg2/lib/core/request.c:568:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
errlen = vsnprintf(errbuf, INITIAL_BUF_SIZE, fmt, args);
data/h2o-2.2.5+dfsg2/lib/core/request.c:574:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
errlen = vsnprintf(errbuf, errlen + 1, fmt, args);
data/h2o-2.2.5+dfsg2/lib/core/request.c:587:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "[%s] in request:", module);
data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c:133:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sa.sun_path, servname);
data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c:138:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(servname, "%" SCNu16, &port) != 1) {
data/h2o-2.2.5+dfsg2/lib/handler/expires.c:78:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
self->value.len = sprintf(self->value.base, "max-age=%" PRIu64, args->data.max_age);
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:202:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
int l = sprintf(buf, "%" PRIu16, (uint16_t)port);
data/h2o-2.2.5+dfsg2/lib/handler/file.c:167:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(self->buf, "\r\n--%s\r\nContent-Type: %s\r\nContent-Range: bytes %zd-%zd/%zd\r\n\r\n",
data/h2o-2.2.5+dfsg2/lib/handler/file.c:171:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(self->buf, "--%s\r\nContent-Type: %s\r\nContent-Range: bytes %zd-%zd/%zd\r\n\r\n",
data/h2o-2.2.5+dfsg2/lib/handler/file.c:191:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
vec[1].len = sprintf(vec[1].base, "\r\n--%s--\r\n", self->ranged.boundary.base);
data/h2o-2.2.5+dfsg2/lib/handler/file.c:252:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(variant_path + path_len, ext); \
data/h2o-2.2.5+dfsg2/lib/handler/file.c:339:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
mime_type.len = sprintf(mime_type.base, "multipart/byteranges; boundary=%s", self->ranged.boundary.base);
data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c:399:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mime, _mime);
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:407:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
l = (int)sprintf(buf, "%" PRIu16, (uint16_t)p);
data/h2o-2.2.5+dfsg2/lib/handler/status/durations.c:122:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret.len = snprintf(
data/h2o-2.2.5+dfsg2/lib/http1.c:621:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
dst += sprintf(dst, "HTTP/1.1 %d %s\r\nDate: %s\r\nConnection: %s\r\nContent-Length: %zu\r\n", req->res.status,
data/h2o-2.2.5+dfsg2/lib/http1.c:624:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
dst += sprintf(dst, "HTTP/1.1 %d %s\r\nDate: %s\r\nConnection: %s\r\n", req->res.status, req->res.reason, ts.str->rfc1123,
data/h2o-2.2.5+dfsg2/lib/http1.c:628:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
dst += sprintf(dst, "Server: %s\r\n", ctx->globalconf->server_name.base);
data/h2o-2.2.5+dfsg2/lib/http1.c:793:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
size_t len = sprintf(s, "%" PRIu64, conn->_req_index);
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:1134:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
size_t len = (size_t)sprintf(s, "%" PRIu32, stream->stream_id);
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:1142:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
size_t len = (size_t)sprintf(s, "%c:%" PRIu32 ":%" PRIu16, stream->received_priority.exclusive ? '1' : '0',
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:1157:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
size_t len = sprintf(s, "%" PRIu32, stream->received_priority.dependency);
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:1165:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
size_t len = sprintf(s, "%" PRIu16, stream->received_priority.weight);
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:1185:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
size_t len = (size_t)sprintf(s, "%" PRIu32 ":%" PRIu16, get_parent_stream_id(conn, stream),
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:1195:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
size_t len = (size_t)sprintf(s, "%" PRIu32, get_parent_stream_id(conn, stream));
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:1203:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
size_t len = (size_t)sprintf(s, "%" PRIu16, h2o_http2_scheduler_get_weight(&stream->_refs.scheduler));
data/h2o-2.2.5+dfsg2/lib/http2/http2_debug_state.c:65:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4))) static void append_chunk(h2o_mem_pool_t *pool, h2o_iovec_vector_t *chunks, const char *fmt,
data/h2o-2.2.5+dfsg2/lib/http2/http2_debug_state.c:71:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int size = vsnprintf(NULL, 0, fmt, args);
data/h2o-2.2.5+dfsg2/lib/http2/http2_debug_state.c:80:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
v.len = vsnprintf(v.base, size + 1, fmt, args);
data/h2o-2.2.5+dfsg2/src/main.c:1083:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sa.sun_path, servname);
data/h2o-2.2.5+dfsg2/src/main.c:1305:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(h2o_socket_buffer_mmap_settings.fn_template, buf);
data/h2o-2.2.5+dfsg2/src/main.c:1710:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newarg, "--port=[%s]:%s", host, serv);
data/h2o-2.2.5+dfsg2/src/main.c:1712:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newarg, "--port=%s:%s", host, serv);
data/h2o-2.2.5+dfsg2/src/main.c:1718:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newarg, "--path=%s", sa->sun_path);
data/h2o-2.2.5+dfsg2/src/main.c:1739:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(args[0], args);
data/h2o-2.2.5+dfsg2/src/setuidgid.c:75:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(*argv, argv);
data/h2o-2.2.5+dfsg2/src/ssl.c:425:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(t->data.scalar, "%" SCNu64, ¬_before) != 1) {
data/h2o-2.2.5+dfsg2/src/ssl.c:431:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(t->data.scalar, "%" SCNu64, ¬_after) != 1) {
data/h2o-2.2.5+dfsg2/src/ssl.c:462:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errstr, "parse error at line %d:%s\n", (int)parser.problem_mark.line, parser.problem);
data/h2o-2.2.5+dfsg2/src/ssl.c:473:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errstr, "at element index %zu:%s\n", i, errbuf);
data/h2o-2.2.5+dfsg2/src/ssl.c:619:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ERR_PREFIX "%s\n", fn, errbuf);
data/h2o-2.2.5+dfsg2/src/ssl.c:624:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ERR_PREFIX "%s\n", fn, errbuf);
data/h2o-2.2.5+dfsg2/src/ssl.c:838:58: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (!(value->type == YOML_TYPE_SCALAR && sscanf(value->data.scalar, "%" SCNu16, &conf.memcached.port) == 1)) {
data/h2o-2.2.5+dfsg2/t/00unit/issues/293.c:37:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(authority, "%.*s:%" PRIu16, (int)host.len, host.base, port);
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:553:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(expected[0].base, "Content-Type: %s\r\nContent-Range: bytes 0-9/1000\r\n\r\n%s", "text/plain", "123456789\n");
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:555:27: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
expected[1].len = sprintf(expected[1].base, "Content-Type: %s\r\nContent-Range: bytes 989-999/1000\r\n\r\n%s", "text/plain",
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:583:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(expected[0].base, "Content-Type: %s\r\nContent-Range: bytes 1-3/1000\r\n\r\n%s", "text/plain", "234");
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:586:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(expected[1].base, "Content-Type: %s\r\nContent-Range: bytes 5-9/1000\r\n\r\n%s", "text/plain", "6789\n");
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/scheduler.c:74:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, node->name);
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/scheduler.c:387:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, n->name);
data/h2o-2.2.5+dfsg2/t/00unit/src/ssl.c:141:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(memc_port_str, "%" SCNu16, &memc_port) != 1) {
data/h2o-2.2.5+dfsg2/deps/klib/khmm.c:398:6: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
x = drand48();
data/h2o-2.2.5+dfsg2/deps/klib/khmm.c:406:7: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
x = drand48();
data/h2o-2.2.5+dfsg2/deps/klib/khmm.c:412:7: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
x = drand48();
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:386:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
proxy = getenv("http_proxy");
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:72:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
proxy = getenv("http_proxy");
data/h2o-2.2.5+dfsg2/deps/klib/ksort.h:265:14: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
j = (int)(drand48() * i); \
data/h2o-2.2.5+dfsg2/deps/klib/ksort.h:273:23: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double z = 1., x = drand48(); \
data/h2o-2.2.5+dfsg2/deps/klib/ksw.c:574:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "a:b:q:r:ft:1")) >= 0) {
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:444:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:548:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "c:l:a:")) >= 0) {
data/h2o-2.2.5+dfsg2/deps/klib/test/kbit_test.c:104:20: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
x[i] = (uint64_t)lrand48() << 32 ^ lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/kbit_test.c:104:38: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
x[i] = (uint64_t)lrand48() << 32 ^ lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/kbtree_test.c:27:40: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int_data[i] = (unsigned)(data_size * drand48() / 4) * 271828183u;
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.c:18:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.c:25:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.c:44:39: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) b[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.c:58:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.c:71:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.c:89:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:807:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:824:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:843:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:854:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:865:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:884:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:897:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:904:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:921:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:938:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:957:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:970:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:983:42: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (i = 0; i < N; ++i) array[i] = (int)lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench.c:17:11: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int x = lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench.c:25:11: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int x = lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench.c:35:11: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int x = lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench.c:44:11: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int x = lrand48();
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench2.c:28:23: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i] = (int)(a * drand48()) + '!';
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench2.c:87:12: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int y = lrand48() % (str_len - pat_len);
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench2.c:97:12: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int y = lrand48() % (str_len - pat_len);
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench2.c:110:12: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int y = lrand48() % (str_len - pat_len);
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench2.c:122:12: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int y = lrand48() % (str_len - pat_len);
data/h2o-2.2.5+dfsg2/deps/libgkc/test.c:82:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/h2o-2.2.5+dfsg2/deps/libgkc/test.c:84:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long r = random() % 10000;
data/h2o-2.2.5+dfsg2/deps/libgkc/test.c:113:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long r = random() % 10000;
data/h2o-2.2.5+dfsg2/deps/libyrmcds/t/t.h:19:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* host = getenv("YRMCDS_HOST");
data/h2o-2.2.5+dfsg2/deps/libyrmcds/t/t.h:24:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( getenv("YRMCDS_PORT") ) {
data/h2o-2.2.5+dfsg2/deps/libyrmcds/t/t.h:25:31: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
port = (uint16_t)atoi(getenv("YRMCDS_PORT"));
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc-cnt.c:209:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt(argc, argv, "s:p:h");
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:997:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt(argc, argv, "s:p:c:dtqvh");
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:58:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cvalue = getenv(cname);
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:73:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv(key) != NULL) {
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:35:11: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
#define realpath(N,R) _fullpath((R),(N),_MAX_PATH)
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:197:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(cpath, RSTRING_PTR(result)) == NULL)
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:232:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:38:17: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
uniqueNum = GetTempFileName(pathBuffer, template, 0, tempFilename);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:59:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *home = getenv("HOME");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:63:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("USERPROFILE");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:111:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return mrb_random_rand(mrb, random);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:118:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return mrb_random_srand(mrb, random);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:209:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_get_args(mrb, "|d", &random, &mt_state_type);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:214:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_random_rand_seed(mrb, random);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:224:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
j = mrb_fixnum(mrb_random_mt_rand(mrb, random, mrb_fixnum_value(RARRAY_LEN(ary))));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:274:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_get_args(mrb, "|i?d", &n, &given, &random, &mt_state_type);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:278:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_random_rand_seed(mrb, random);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:279:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mt_rand(random);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:288:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return RARRAY_PTR(ary)[mt_rand(random) % len];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:303:21: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = mt_rand(random) % len;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:324:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
struct RClass *random;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:331:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
MRB_SET_INSTANCE_TT(random, MRB_TT_DATA);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:332:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_define_class_method(mrb, random, "rand", mrb_random_g_rand, MRB_ARGS_OPT(1));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:333:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_define_class_method(mrb, random, "srand", mrb_random_g_srand, MRB_ARGS_OPT(1));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:335:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_define_method(mrb, random, "initialize", mrb_random_init, MRB_ARGS_OPT(1));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:336:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_define_method(mrb, random, "rand", mrb_random_rand, MRB_ARGS_OPT(1));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:337:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_define_method(mrb, random, "srand", mrb_random_srand, MRB_ARGS_OPT(1));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:343:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_const_set(mrb, mrb_obj_value(random), mrb_intern_lit(mrb, "DEFAULT"),
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-random/src/random.c:344:28: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mrb_obj_new(mrb, random, 0, NULL));
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:980:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uECC_VLI_API int uECC_generate_random_int(uECC_word_t *random,
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:992:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) {
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:995:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random[num_words - 1] &= mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits));
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:996:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!uECC_vli_isZero(random, num_words) &&
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:997:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uECC_vli_cmp(top, random, num_words) == 1) {
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC_vli.h:162:43: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int uECC_generate_random_int(uECC_word_t *random,
data/h2o-2.2.5+dfsg2/deps/picotls/t/cli.c:321:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "46c:i:k:nes:Sl:vh")) != -1) {
data/h2o-2.2.5+dfsg2/examples/libh2o/latency-optimization.c:263:22: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt_ch = getopt_long(argc, argv, "lrtb:R:c:", longopts, NULL)) != -1) {
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:338:38: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((client_timeout_ms_str = getenv("H2O_FUZZER_CLIENT_TIMEOUT")) != NULL)
data/h2o-2.2.5+dfsg2/include/h2o/rand.h:32:21: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define h2o_srand() srand(time(NULL) ^ getpid())
data/h2o-2.2.5+dfsg2/lib/common/serverutil.c:90:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((ports_env = getenv("SERVER_STARTER_PORT")) == NULL)
data/h2o-2.2.5+dfsg2/lib/core/configurator.c:1091:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((root = getenv("H2O_ROOT")) == NULL) {
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:59:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *root = getenv("H2O_ROOT");
data/h2o-2.2.5+dfsg2/lib/handler/status.c:207:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *root = getenv("H2O_ROOT");
data/h2o-2.2.5+dfsg2/src/main.c:1812:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((generation = getenv("SERVER_STARTER_GENERATION")) == NULL)
data/h2o-2.2.5+dfsg2/src/main.c:1974:22: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt_long(argc, argv, "c:m:tvh", longopts, NULL)) != -1) {
data/h2o-2.2.5+dfsg2/src/main.c:1994:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SERVER_STARTER_PORT") != NULL) {
data/h2o-2.2.5+dfsg2/src/main.c:2067:39: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
conf.server_starter.env_var = getenv("SERVER_STARTER_PORT");
data/h2o-2.2.5+dfsg2/src/main.c:2124:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("H2O_VIA_MASTER") != NULL) {
data/h2o-2.2.5+dfsg2/t/00unit/src/ssl.c:137:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((memc_port_str = getenv("MEMCACHED_PORT")) == NULL) {
data/h2o-2.2.5+dfsg2/deps/brotli/dec/bit_reader.h:380:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, br->next_in, num);
data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.c:135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, src, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.c:136:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, buffer, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.c:862:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pattern, &b0123, 4);
data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.c:1158:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*next_out, start, num_written);
data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.c:1198:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->ringbuffer[(-s->custom_dict_size) & s->ringbuffer_mask],
data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.c:1687:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->ringbuffer[pos], word, (size_t)len);
data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.c:1743:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
data/h2o-2.2.5+dfsg2/deps/brotli/dec/decode.c:2177:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->ringbuffer, s->ringbuffer_end, (size_t)s->pos);
data/h2o-2.2.5+dfsg2/deps/brotli/dec/huffman.c:229:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&table[table_size], &table[0],
data/h2o-2.2.5+dfsg2/deps/brotli/dec/huffman.c:348:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&table[table_size], &table[0],
data/h2o-2.2.5+dfsg2/deps/brotli/dec/transform.h:49:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char kPrefixSuffix[208] =
data/h2o-2.2.5+dfsg2/deps/brotli/enc/backward_references.cc:160:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&result_dist_cache[1], dist_cache, 3 * sizeof(dist_cache[0]));
data/h2o-2.2.5+dfsg2/deps/brotli/enc/backward_references.cc:162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result_dist_cache, dist_cache, 4 * sizeof(dist_cache[0]));
data/h2o-2.2.5+dfsg2/deps/brotli/enc/backward_references.cc:327:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nodes[0].distance_cache, dist_cache, 4 * sizeof(dist_cache[0]));
data/h2o-2.2.5+dfsg2/deps/brotli/enc/backward_references.cc:721:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dist_cache, orig_dist_cache, 4 * sizeof(dist_cache[0]));
data/h2o-2.2.5+dfsg2/deps/brotli/enc/block_splitter.cc:64:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(*literals)[pos], data + from_pos, head_size);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/block_splitter.cc:70:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(*literals)[pos], data + from_pos, insert_len);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/brotli_bit_stream.cc:1095:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&storage[*storage_ix >> 3], &input[masked_pos], len1);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/brotli_bit_stream.cc:1100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&storage[*storage_ix >> 3], &input[masked_pos], len);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:116:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth, depth, 24);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 24, depth + 40, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:118:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 32, depth + 24, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 40, depth + 48, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 48, depth + 32, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 56, depth + 56, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:123:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits, cmd_bits, 48);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:124:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits + 24, cmd_bits + 32, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits + 32, cmd_bits + 48, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:126:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits + 40, cmd_bits + 24, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:127:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits + 48, cmd_bits + 40, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:128:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits + 56, cmd_bits + 56, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth, depth, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:134:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 64, depth + 8, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:135:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 128, depth + 16, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:136:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 192, depth + 24, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 384, depth + 32, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment.cc:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&storage[*storage_ix >> 3], begin, len);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:68:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth, depth + 24, 24);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:69:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 24, depth, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 32, depth + 48, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:71:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 40, depth + 8, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:72:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 48, depth + 56, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:73:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 56, depth + 16, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:75:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits, cmd_bits + 24, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:76:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits + 8, cmd_bits + 40, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:77:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits + 16, cmd_bits + 56, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:78:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits + 24, cmd_bits, 48);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:79:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits + 48, cmd_bits + 32, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:80:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits + 56, cmd_bits + 48, 16);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:85:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth, depth + 24, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 64, depth + 32, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:87:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 128, depth + 40, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 192, depth + 48, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:89:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_depth + 384, depth + 56, 8);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:310:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*literals, next_emit, static_cast<size_t>(insert));
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:393:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*literals, next_emit, insert);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/compress_fragment_two_pass.cc:504:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&storage[*storage_ix >> 3], input, block_size);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.cc:43:30: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define COPY_ARRAY(dst, src) memcpy(dst, src, sizeof(src));
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.cc:242:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saved_dist_cache_, dist_cache_, sizeof(dist_cache_));
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.cc:675:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saved_dist_cache_, dist_cache_, sizeof(dist_cache_));
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.cc:693:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encoded_buffer, output, out_size);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.cc:717:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encoded_buffer, hdr_buffer, *encoded_size);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.cc:725:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encoded_buffer, hdr_buffer, hdr_size);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.cc:726:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&encoded_buffer[hdr_size], input_buffer, input_size);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.cc:832:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_, data, *bytes_read);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode.cc:840:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf_[*bytes_read], data, cur_bytes_read);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode_parallel.cc:72:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&input[0], prefix_buffer, prefix_size);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode_parallel.cc:73:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&input[input_pos], input_buffer, input_size);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode_parallel.cc:198:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encoded_buffer, &storage[0], output_size);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/encode_parallel.cc:271:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&encoded_buffer[out_pos], &out[0], out.size());
data/h2o-2.2.5+dfsg2/deps/brotli/enc/port.h:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, p, sizeof t);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/port.h:112:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &v, sizeof v);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/port.h:122:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, p, sizeof t);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/port.h:128:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, p, sizeof t);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/port.h:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &v, sizeof v);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/port.h:137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &v, sizeof v);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/ringbuffer.h:57:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer_[masked_pos], bytes, n);
data/h2o-2.2.5+dfsg2/deps/brotli/enc/ringbuffer.h:61:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer_[masked_pos], bytes,
data/h2o-2.2.5+dfsg2/deps/brotli/enc/ringbuffer.h:64:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer_[0], bytes + (size_ - masked_pos),
data/h2o-2.2.5+dfsg2/deps/brotli/enc/ringbuffer.h:94:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer_[p], bytes, std::min(n, tail_size_ - masked_pos));
data/h2o-2.2.5+dfsg2/deps/brotli/enc/streams.cc:34:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, n);
data/h2o-2.2.5+dfsg2/deps/brotli/tools/bro.cc:136:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = fopen(input_path, "rb");
data/h2o-2.2.5+dfsg2/deps/brotli/tools/bro.cc:150:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(output_path, O_CREAT | excl | O_WRONLY | O_TRUNC | O_BINARY,
data/h2o-2.2.5+dfsg2/deps/brotli/tools/bro.cc:153:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(output_path, O_CREAT | excl | O_WRONLY | O_TRUNC,
data/h2o-2.2.5+dfsg2/deps/brotli/tools/bro.cc:171:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(path, "rb");
data/h2o-2.2.5+dfsg2/deps/golombset/test.c:32:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c:53:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define _bgzf_open(fn, mode) fopen(fn, mode)
data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c:147:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpw = fopen(path, "w")) == 0) return 0;
data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, g_magic, BLOCK_HEADER_LENGTH); // the last two bytes are a place holder for the length of the block
data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c:228:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp->uncompressed_block, fp->uncompressed_block + input_length, remaining);
data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c:291:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp->uncompressed_block, p->block, BGZF_BLOCK_SIZE);
data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c:320:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kh_val(h, k).block, fp->uncompressed_block, BGZF_BLOCK_SIZE);
data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c:347:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(compressed_block, header, BLOCK_HEADER_LENGTH);
data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c:379:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, buffer + fp->block_offset, copy_length);
data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c:424:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + fp->block_offset, input, copy_length);
data/h2o-2.2.5+dfsg2/deps/klib/bgzf.c:543:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str->s + str->l, buf + fp->block_offset, l);
data/h2o-2.2.5+dfsg2/deps/klib/kbtree.h:179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(__KB_KEY(key_t, z), __KB_KEY(key_t, y) + b->t, sizeof(key_t) * (b->t - 1)); \
data/h2o-2.2.5+dfsg2/deps/klib/kbtree.h:180:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (y->is_internal) memcpy(__KB_PTR(b, z), __KB_PTR(b, y) + b->t, sizeof(void*) * b->t); \
data/h2o-2.2.5+dfsg2/deps/klib/khmm.c:43:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hd->seq + 1, seq, L);
data/h2o-2.2.5+dfsg2/deps/klib/kmath.c:76:20: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 1) N = atol(argv[1]);
data/h2o-2.2.5+dfsg2/deps/klib/kmath.c:138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x1, x, n * sizeof(double)); /* x1 = x */
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:175:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
server.sin_port = htons(atoi(port));
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:249:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ftp->pasv_ip, v, 4 * sizeof(int));
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[80], port[10];
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:262:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(host, "%d.%d.%d.%d", ftp->pasv_ip[0], ftp->pasv_ip[1], ftp->pasv_ip[2], ftp->pasv_ip[3]);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:263:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port, "%d", ftp->pasv_port);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:342:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:344:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "REST %lld\r\n", (long long)fp->offset);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:346:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "REST ");
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:348:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "\r\n");
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:413:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
l += sprintf(buf + l, "Range: bytes=%lld-\r\n", (long long)fp->offset);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:414:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
l += sprintf(buf + l, "\r\n");
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:475:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn, O_RDONLY | O_BINARY);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:477:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn, O_RDONLY);
data/h2o-2.2.5+dfsg2/deps/klib/knhx.c:105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->s + s->l, p, l);
data/h2o-2.2.5+dfsg2/deps/klib/knhx.c:133:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numbuf, ":%g", p->d);
data/h2o-2.2.5+dfsg2/deps/klib/knhx.c:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[128];
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:91:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
l += sprintf(buf + l, "\r\n");
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host2[80], port2[10];
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pasv_ip, v, 4 * sizeof(int));
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:185:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(host2, "%d.%d.%d.%d", pasv_ip[0], pasv_ip[1], pasv_ip[2], pasv_ip[3]);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:186:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port2, "%d", pasv_port);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:265:10: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
pid = vfork();
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:290:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*_fd = open(fn, O_RDONLY | O_BINARY);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:292:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*_fd = open(fn, O_RDONLY);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:323:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/h2o-2.2.5+dfsg2/deps/klib/kseq.h:124:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str->s + str->l, ks->buf + ks->begin, i - ks->begin); \
data/h2o-2.2.5+dfsg2/deps/klib/kson.c:205:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[1], "rb")) != 0) {
data/h2o-2.2.5+dfsg2/deps/klib/kson.c:213:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(json + len, buf, tmp);
data/h2o-2.2.5+dfsg2/deps/klib/kson.c:227:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = kson_by_index(p, atoi(argv[i]));
data/h2o-2.2.5+dfsg2/deps/klib/kstring.h:125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->s + s->l, p, l);
data/h2o-2.2.5+dfsg2/deps/klib/kstring.h:178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->s + s->l, p, l);
data/h2o-2.2.5+dfsg2/deps/klib/kstring.h:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/h2o-2.2.5+dfsg2/deps/klib/kstring.h:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/h2o-2.2.5+dfsg2/deps/klib/kstring.h:228:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/h2o-2.2.5+dfsg2/deps/klib/ksw.c:545:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seq_nt4_table[256] = {
data/h2o-2.2.5+dfsg2/deps/klib/ksw.c:576:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'a': sa = atoi(optarg); break;
data/h2o-2.2.5+dfsg2/deps/klib/ksw.c:577:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'b': sb = atoi(optarg); break;
data/h2o-2.2.5+dfsg2/deps/klib/ksw.c:578:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'q': gapo = atoi(optarg); break;
data/h2o-2.2.5+dfsg2/deps/klib/ksw.c:579:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'r': gape = atoi(optarg); break;
data/h2o-2.2.5+dfsg2/deps/klib/ksw.c:580:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 't': minsc = atoi(optarg); break;
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:74:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ku->buf + ku->l_buf, ptr, nbytes);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:154:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (is_file && (fd = open(url, O_RDONLY)) < 0) return 0;
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:225:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (buf) memcpy((uint8_t*)buf + (nbytes - rest), ku->buf + ku->p_buf, rest);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:231:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t*)buf + (nbytes - rest), ku->buf + ku->p_buf, ku->l_buf - ku->p_buf);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:320:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->state.b, table, HASH_LENGTH);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->keyBuffer, sha1_final(s), HASH_LENGTH);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:396:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
} else memcpy(s->keyBuffer, key, l_key);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:405:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->innerHash, sha1_final(s), HASH_LENGTH);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:419:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void s3_sign(const char *key, const char *data, char out[29])
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:419:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void s3_sign(const char *key, const char *data, char out[29])
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:419:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void s3_sign(const char *key, const char *data, char out[29])
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:439:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, *secret, buf[128], *path;
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:448:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(strcpy(path, home), "/.awssecret");
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:450:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, "r");
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:463:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, l);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:476:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->s + s->l, p, l);
data/h2o-2.2.5+dfsg2/deps/klib/kvec.h:68:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((v1).a, (v0).a, sizeof(type) * (v0).n); \
data/h2o-2.2.5+dfsg2/deps/klib/test/kbtree_test.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/h2o-2.2.5+dfsg2/deps/klib/test/kbtree_test.c:28:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%x", int_data[i]);
data/h2o-2.2.5+dfsg2/deps/klib/test/kbtree_test.c:88:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 1) data_size = atoi(argv[1]);
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith.c:38:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 1) n = atoi(argv[1]);
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith.c:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith.c:52:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem[curr] + block_end, buf, l);
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith.c:76:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 1) n = atoi(argv[1]);
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith.c:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith2.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith2.c:37:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 1) n = atoi(argv[1]);
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith2.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith2.c:40:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "foo_");
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_test.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_test.c:41:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%x", int_data[i]);
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_test.c:133:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 1) data_size = atoi(argv[1]);
data/h2o-2.2.5+dfsg2/deps/klib/test/kseq_bench2.c:23:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "r");
data/h2o-2.2.5+dfsg2/deps/klib/test/kseq_bench2.c:34:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[1], O_RDONLY);
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.c:14:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 1) N = atoi(argv[1]);
data/h2o-2.2.5+dfsg2/deps/klib/test/ksort_test.cc:802:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 1) N = atoi(argv[1]);
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_bench2.c:112:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, data + y, pat_len);
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_test.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_test.c:25:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", n);
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_test.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24];
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_test.c:36:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld", n);
data/h2o-2.2.5+dfsg2/deps/klib/test/kthread_test.c:46:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_threads = atoi(argv[1]);
data/h2o-2.2.5+dfsg2/deps/libgkc/test.c:80:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen("data", "w+");
data/h2o-2.2.5+dfsg2/deps/libyrmcds/connect.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sport[8];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/counter.c:26:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &n, sizeof(n));
data/h2o-2.2.5+dfsg2/deps/libyrmcds/counter.c:31:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &n, sizeof(n));
data/h2o-2.2.5+dfsg2/deps/libyrmcds/counter.c:299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[HEADER_SIZE];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/counter.c:305:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header + 8, &c->serial, 4);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/counter.c:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char body[2];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/counter.c:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char body[10];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/counter.c:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char body[6];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/recv.c:117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(r->serial), c->recvbuf + 12, 4);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:23:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &n, sizeof(n));
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:28:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &n, sizeof(n));
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:33:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &n, sizeof(n));
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h[BINARY_HEADER_SIZE];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:68:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&h[12], &c->serial, 4);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extras[8];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extras[4];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extras[4];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extras[4];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:326:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extras[20];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extras[20];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extras[20];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:379:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extras[20];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send.c:477:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra[4];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send_text.c:21:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char CRLF[2] = {'\r', '\n'};
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send_text.c:27:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &n, sizeof(n));
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send_text.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[TEXTBUF_SIZE];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send_text.c:69:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->pos, s, len);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send_text.c:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[20];
data/h2o-2.2.5+dfsg2/deps/libyrmcds/send_text.c:95:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->pos, CRLF, sizeof(CRLF));
data/h2o-2.2.5+dfsg2/deps/libyrmcds/t/t.h:25:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = (uint16_t)atoi(getenv("YRMCDS_PORT"));
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc-cnt.c:216:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(optarg);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:134:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:1004:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(optarg);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:1012:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(optarg);
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:123:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mdstr[PICOHASH_MAX_DIGEST_LENGTH];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:133:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mdstr[PICOHASH_MAX_DIGEST_LENGTH];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:191:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mdstr[PICOHASH_MAX_DIGEST_LENGTH];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:308:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mdstr[EVP_MAX_MD_SIZE];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:319:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mdstr[EVP_MAX_MD_SIZE];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:396:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mdstr[EVP_MAX_MD_SIZE];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:574:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mdstr[MAX_DIGEST_LENGTH];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:576:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx, md->ctx, md_ctx_size(md->type));
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:584:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mdstr[MAX_DIGEST_LENGTH];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:652:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char str[MAX_DIGEST_LENGTH];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:765:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bp, buf[3];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/digest.c:771:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
snprintf(buf, sizeof(buf), "%02x", (unsigned char )bp[i]);
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h:72:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[PICOHASH_SHA256_BLOCK_LENGTH];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h:96:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[PICOHASH_MAX_BLOCK_LENGTH];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h:289:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, size);
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h:293:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, free);
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h:304:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, data, size);
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h:469:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, s->state, sizeof(s->state));
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h:604:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buf + ctx->curlen, in, (size_t)n);
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h:709:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inner_digest[PICOHASH_MAX_DIGEST_LENGTH];
data/h2o-2.2.5+dfsg2/deps/mruby-digest/src/picohash.h:738:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->_hmac.key, key, key_len);
data/h2o-2.2.5+dfsg2/deps/mruby-dir/test/dirtest.c:20:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/h2o-2.2.5+dfsg2/deps/mruby-errno/src/errno.c:26:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/h2o-2.2.5+dfsg2/deps/mruby-errno/src/errno.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/h2o-2.2.5+dfsg2/deps/mruby-iijson/src/json.c:328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/h2o-2.2.5+dfsg2/deps/mruby-input-stream/src/mruby_input_stream.c:87:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_base, base, len);
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dname[_MAX_DIR], vname[_MAX_DRIVE];
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[_MAX_DRIVE + _MAX_DIR];
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[_MAX_DIR];
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extname[_MAX_EXT];
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[_MAX_DIR + _MAX_EXT];
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:26:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:437:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, flags, mode);
data/h2o-2.2.5+dfsg2/deps/mruby-io/test/mruby_io_test.c:28:9: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd0 = mkstemp(rfname);
data/h2o-2.2.5+dfsg2/deps/mruby-io/test/mruby_io_test.c:29:9: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd1 = mkstemp(wfname);
data/h2o-2.2.5+dfsg2/deps/mruby-io/test/mruby_io_test.c:30:9: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd2 = mkstemp(symlinkname);
data/h2o-2.2.5+dfsg2/deps/mruby-io/test/mruby_io_test.c:31:9: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd3 = mkstemp(socketname);
data/h2o-2.2.5+dfsg2/deps/mruby-io/test/mruby_io_test.c:44:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(rfname, "w");
data/h2o-2.2.5+dfsg2/deps/mruby-io/test/mruby_io_test.c:52:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(wfname, "w");
data/h2o-2.2.5+dfsg2/deps/mruby-onig-regexp/src/mruby_onig_regexp.c:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char utf8len_codepage[256] =
data/h2o-2.2.5+dfsg2/deps/mruby-onig-regexp/src/mruby_onig_regexp.c:132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[ONIG_MAX_ERROR_MESSAGE_LEN] = "";
data/h2o-2.2.5+dfsg2/deps/mruby-onig-regexp/src/mruby_onig_regexp.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[ONIG_MAX_ERROR_MESSAGE_LEN] = "";
data/h2o-2.2.5+dfsg2/deps/mruby-onig-regexp/src/mruby_onig_regexp.c:269:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *
data/h2o-2.2.5+dfsg2/deps/mruby-onig-regexp/src/mruby_onig_regexp.c:270:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
option_to_str(char str[4], int options) {
data/h2o-2.2.5+dfsg2/deps/mruby-onig-regexp/src/mruby_onig_regexp.c:282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/h2o-2.2.5+dfsg2/deps/mruby-onig-regexp/src/mruby_onig_regexp.c:331:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opts[4];
data/h2o-2.2.5+dfsg2/deps/mruby-onig-regexp/src/mruby_onig_regexp.c:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char optbuf[5];
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:66:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char base64_dec_tab[128];
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[60];
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:258:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[60];
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:308:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTRING_PTR(str) + sidx, buffer, 8);
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:312:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTRING_PTR(str) + sidx, buffer, 8);
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:336:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, src, 8);
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:340:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, src, 8);
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:367:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTRING_PTR(str) + sidx, buffer, 4);
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:371:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTRING_PTR(str) + sidx, buffer, 4);
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:395:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, src, 4);
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:399:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, src, 4);
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8[4];
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:445:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTRING_PTR(str) + sidx, utf8, len);
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:479:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr, sptr, copylen);
data/h2o-2.2.5+dfsg2/deps/mruby-pack/src/pack.c:685:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c, ch[4];
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:29:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int mkstemp(char *template)
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathBuffer[1000];
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFilename[MAX_PATH];
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:41:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(tempFilename, _O_RDWR|_O_BINARY);
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpname[MAX_PATH] = "tmp.XXXXXXXX";
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:125:8: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(tmpname);
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:174:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path_ptr, "rb");
data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby.h:1231:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#undef memcpy
data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby.h:1242:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy(a,b,c) mrbmemcpy(a,b,c)
data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/compile.h:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MRB_PARSER_TOKBUF_SIZE];
data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/istruct.h:24:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inline_data[ISTRUCT_DATA_SIZE];
data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/istruct.h:42:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ISTRUCT_PTR(dest), ISTRUCT_PTR(src), ISTRUCT_DATA_SIZE);
data/h2o-2.2.5+dfsg2/deps/mruby/include/mruby/string.h:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ary[RSTRING_EMBED_LEN_MAX + 1];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:282:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp, dbg->bp, sizeof(mrb_debug_breakpoint) * get_size);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:331:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dbg->bp[i], &dbg->bp[i + 1], sizeof(mrb_debug_breakpoint));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:91:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file->fp = fopen(filename, "rb");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LINE_BUF_SIZE];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:175:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *search_path[3];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:195:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(path, "rb")) == NULL) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c:164:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p != *sp && (i = atoi(*sp)) >= 0) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:115:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, item, buflen);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:127:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(args->srcpath + srcpathlen + 1, item, itemlen + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:155:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
args->rfp = fopen(argv[0], args->mrbfile ? "rb" : "r");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:165:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(args->argv, argv, (argc+1) * sizeof(char*));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:276:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mrdb->command, "quit");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.h:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *words[MAX_COMMAND_WORD];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:271:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
args->rfp = fopen(argv[0], "r");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:280:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(args->argv, argv, (argc+1) * sizeof(char*));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:362:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ruby_code[4096] = { 0 };
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:363:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_code_line[1024] = { 0 };
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c:59:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outfile, infile, infilelen + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, ext, extlen + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c:181:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p->f = fopen(fn, "r");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c:208:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infile = fopen(input, "r")) == NULL) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c:303:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((wfp = fopen(args.outfile, "wb")) == NULL) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:95:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, item, buflen);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:107:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(args->cmdline + cmdlinelen + 1, item, itemlen + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:140:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
args->rfp = fopen(argv[0], args->mrbfile ? "rb" : "r");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:151:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(args->argv, argv, (argc+1) * sizeof(char*));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/mruby-strip.c:87:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rfile = fopen(filename, "rb");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/mruby-strip.c:105:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wfile = fopen(filename, "wb");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-compiler/core/codegen.c:793:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name2, name, (size_t)len);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-compiler/core/codegen.c:2198:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-compiler/core/codegen.c:2897:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fname, s->filename, fname_len);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-inline-struct/test/inline.c:67:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, "mutate", 6);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-print/src/print.c:24:18: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
int wlen = MultiByteToWideChar(CP_UTF8, 0, utf8, mlen, NULL, 0);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-print/src/print.c:27:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
if (MultiByteToWideChar(CP_UTF8, 0, utf8, mlen, utf16, wlen) > 0) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[66], *b = buf + sizeof buf;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[blen], s, l);\
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:712:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:796:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[68], *s;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:1003:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fbuf[32];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:1034:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[blen - need], expr, elen);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:1039:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[blen - elen], expr, elen);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-string-ext/src/string.c:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8[4];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-string-ext/src/string.c:444:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTRING_PTR(self), RSTRING_PTR(result), l);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-string-ext/src/string.c:459:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char utf8len_codepage_zero[256] =
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-string-ext/src/string.c:617:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTRING_PTR(str)+min_width-RSTRING_LEN(ns),
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-struct/src/struct.c:134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, name, (size_t)len);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-time/src/time.c:166:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[8];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-time/src/time.c:177:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char mon_names[12][4] = {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-time/src/time.c:181:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char wday_names[7][4] = {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-time/src/time.c:549:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-time/src/time.c:554:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/h2o-2.2.5+dfsg2/deps/mruby/src/dump.c:102:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, irep->iseq, irep->ilen * sizeof(mrb_code));
data/h2o-2.2.5+dfsg2/deps/mruby/src/dump.c:202:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, char_ptr, (size_t)len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/dump.c:248:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, name, len); /* symbol name */
data/h2o-2.2.5+dfsg2/deps/mruby/src/dump.c:326:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin, &footer, sizeof(struct rite_binary_footer));
data/h2o-2.2.5+dfsg2/deps/mruby/src/dump.c:418:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, irep->filename, filename_len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/dump.c:658:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, sym, sym_len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/dump.c:711:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur, str, str_len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/fmt_fp.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[PAD_SIZE];
data/h2o-2.2.5+dfsg2/deps/mruby/src/fmt_fp.c:75:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char xdigits[16] = {
data/h2o-2.2.5+dfsg2/deps/mruby/src/fmt_fp.c:90:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char compiler_defines_long_double_incorrectly[9-(int)sizeof(long double)];
data/h2o-2.2.5+dfsg2/deps/mruby/src/fmt_fp.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[9+LDBL_MANT_DIG/4], *s;
data/h2o-2.2.5+dfsg2/deps/mruby/src/fmt_fp.c:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf0[3*sizeof(int)], *ebuf=&ebuf0[3*sizeof(int)], *estr;
data/h2o-2.2.5+dfsg2/deps/mruby/src/load.c:88:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irep->iseq, src, sizeof(uint32_t) * irep->ilen);
data/h2o-2.2.5+dfsg2/deps/mruby/src/load.c:237:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fname, bin, fname_len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/numeric.c:1167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MRB_INT_BIT+1];
data/h2o-2.2.5+dfsg2/deps/mruby/src/pool.c:176:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(np, p, oldlen);
data/h2o-2.2.5+dfsg2/deps/mruby/src/state.c:205:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns->as.ary, ptr, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/state.c:214:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns->as.heap.ptr, ptr, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:64:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->as.ary, p, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:75:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->as.heap.ptr, p, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:138:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, s->as.ary, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:213:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char utf8len_codepage[256] =
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:354:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, s->as.ary, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:520:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s1->as.ary, RSTR_PTR(s2), len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:590:13: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
wcssize = MultiByteToWideChar(GetACP(), 0, str, len, NULL, 0);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:594:13: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
wcssize = MultiByteToWideChar(GetACP(), 0, str, len, wcsp, wcssize + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:620:13: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
wcssize = MultiByteToWideChar(CP_UTF8, 0, utf8, len, NULL, 0);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:624:13: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
wcssize = MultiByteToWideChar(CP_UTF8, 0, utf8, len, wcsp, wcssize + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:670:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, p, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:692:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTR_PTR(s), p, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:762:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTR_PTR(t), RSTR_PTR(s), RSTR_LEN(s));
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:763:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTR_PTR(t) + RSTR_LEN(s), RSTR_PTR(s2), RSTR_LEN(s2));
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:838:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, RSTRING_PTR(self), n);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:840:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + n, p, n);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:843:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + n, p, len-n);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:1745:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, RSTRING_PTR(str), len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:1751:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, p, clen);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:2259:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DBL_DIG * 4 + 10];
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:2586:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RSTR_PTR(s) + RSTR_LEN(s), ptr, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:2629:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CHAR_ESC_LEN + 1];
data/h2o-2.2.5+dfsg2/deps/mruby/src/symbol.c:82:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, name, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/symbol.c:410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sp+1, name, len);
data/h2o-2.2.5+dfsg2/deps/mruby/src/variable.c:877:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/h2o-2.2.5+dfsg2/deps/mruby/src/vm.c:816:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kind_str[3][7] = { "return", "break", "yield" };
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, path, last_slash - path);
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->end, &v, sizeof(v));
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:192:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->end, s, l);
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:200:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->end, p, l);
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:208:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v, buf->start, sizeof(*v));
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:258:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
vecs[vecindex].iov_base = (char *)vecs[vecindex].iov_base + r;
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:289:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[NAME_MAX + 1]; \
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:515:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_to, to, tolen);
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:525:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *from, to[4096];
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:597:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_sigret, sigret, siglen);
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:606:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *m, sigret[4096];
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:745:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *m, sigret[4096];
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:818:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_sigret, sigret, siglen);
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:1028:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "rt")) == NULL) {
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:1141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwstrbuf[65536]; /* should be large enough */
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:1281:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char auth_token[NEVERBLEED_AUTH_TOKEN_SIZE];
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.h:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char auth_token[NEVERBLEED_AUTH_TOKEN_SIZE];
data/h2o-2.2.5+dfsg2/deps/neverbleed/test.c:70:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/h2o-2.2.5+dfsg2/deps/neverbleed/test.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[NEVERBLEED_ERRBUF_SIZE];
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/boot.c:61:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&__etext, &__data_start__, data_bytes);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/boot.c:108:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(vtarg, vsrc, len);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/semihost.c:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32+1];
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/semihost.c:46:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, start, bufmax);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/semihost.c:55:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, start, bytes);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/semihost.c:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char byte[3];
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/semihost.c:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof "0x11223344"];
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/unacl/scalarmult.c:156:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char in[32]
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/unacl/scalarmult.c:309:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[32],
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/blockwise.c:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(partial + *npartial, bufin, taken);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/blockwise.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(partial + *npartial, bufin, taken);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/cbcmac.c:69:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, ctx->cbc.block, ctx->prp->blocksz);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ccm.c:72:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block + 1, nonce, nnonce);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ccm.c:83:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctr_nonce + 1, nonce, nnonce);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ccm.c:130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag, block, ntag);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20.c:111:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key0, key, 16);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20.c:112:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key1, key, 16);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20.c:116:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key0, key, 16);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20.c:117:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key1, key + 16, 16);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20.c:129:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->nonce + 8, nonce, 8);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20.c:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->nonce, nonce, sizeof ctx->nonce);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20poly1305.c:39:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullnonce + 4, nonce, 12);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/chacha20poly1305.c:138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ourtag, tag, sizeof ourtag);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/cmac.c:148:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, ctx->cbc.block, ctx->cmac.prp->blocksz);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, t, sizeof(limb) * 10);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c:422:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, t, sizeof(limb) * 10);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c:635:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(origx, x, 10 * sizeof(limb));
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c:641:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(origxprime, xprime, sizeof(limb) * 10);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c:658:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(origxprime, xxprime, sizeof(limb) * 10);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c:672:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x3, xxxprime, sizeof(limb) * 10);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c:673:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z3, zzprime, sizeof(limb) * 10);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c:737:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nqpqx, q, sizeof(limb) * 10);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c:771:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resultx, nqx, sizeof(limb) * 10);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.donna.c:772:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resultz, nqz, sizeof(limb) * 10);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.naclref.c:122:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void mainloop(unsigned int work[64],const unsigned char e[32])
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/curve25519.naclref.c:250:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e[32];
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/drbg.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, block, take);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/drbg.c:154:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bout, w, take);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/drbg.c:202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, ctx->V, sizeof ctx->V);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/drbg.c:244:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->C, ctx->V, sizeof ctx->C);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/drbg.c:386:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bout, ctx->V, take);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/cutest.h:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/cutest.h:298:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spaces[32];
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/cutest.h:394:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/cutest.h:405:35: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
default: sprintf(tmp, "signal %d", WTERMSIG(exit_code)); signame = tmp; break;
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/cutest.h:415:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512] = {0};
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ext/cutest.h:527:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
test_verbose_level__ = atoi(argv[i] + 10);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/gcm.c:124:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gcmctx->Y0, nonce, nnonce);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/gcm.c:202:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Y0, nonce, nnonce);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/gf128.c:95:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(V, y, sizeof V);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/gf128.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, Z, sizeof Z);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/hmac.c:51:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k, key, nkey);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/modes.c:28:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, iv, prp->blocksz);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/modes.c:40:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, ctx->block, nblk);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/modes.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, input, nblk);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/modes.c:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->nonce, nonce, prp->blocksz);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/norx.c:275:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(partial, plain, nbytes);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/norx.c:282:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cipher, partial, nbytes);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ocb.c:80:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_nonce + BLOCK - nnonce, nonce, nnonce);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ocb.c:116:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(accum, o->L[MAX_L - 1], sizeof accum);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ocb.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(accum, next, sizeof accum);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ocb.c:293:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag, tag_bytes, ntag);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/ocb.c:358:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o.out, partial, npartial);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/pbkdf2.c:42:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, U, hashsz);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/pbkdf2.c:78:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, block, taken);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/poly1305.c:47:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->s, s, 16);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/salsa20.c:128:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key0, key, 16);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/salsa20.c:129:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key1, key, 16);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/salsa20.c:133:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key0, key, 16);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/salsa20.c:134:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key1, key + 16, 16);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/salsa20.c:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->nonce + 8, nonce, 8);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha256.c:207:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, full, CF_SHA224_HASHSZ);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha256.c:214:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, full, CF_SHA224_HASHSZ);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha3.c:242:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf, nbytes);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha512.c:223:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, full, CF_SHA384_HASHSZ);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/sha512.c:230:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, full, CF_SHA384_HASHSZ);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testaes.c:35:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf2, buf, sizeof buf);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha.h:78:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, "Hi There", 8);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha.h:86:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, "Jefe", 4);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha.h:87:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, "what do ya want for nothing?", 28);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha.h:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, "Test Using Larger Than Block-Size Key - Hash Key First", 54);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha.h:129:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 152);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha.h:147:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, "Test Using Larger Than Block-Size Key - Hash Key First", 54);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testsha.h:155:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data", 73);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:161:13: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void bcopy(uint8_t *dst,
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:1049:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((uint8_t *) _private, private_key, num_bytes);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:1050:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((uint8_t *) _public, public_key, num_bytes*2);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:1072:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((uint8_t *) secret, (uint8_t *) _public, num_bytes);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:1100:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(public_key, compressed+1, curve->num_bytes);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:1210:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((uint8_t *) native, bits, bits_size);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:1283:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((uint8_t *) tmp, private_key, BITS_TO_BYTES(curve->num_n_bits));
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:1299:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((uint8_t *) signature + curve->num_bytes, (uint8_t *) s, curve->num_bytes);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:1485:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((uint8_t *) r, signature, curve->num_bytes);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/micro-ecc/uECC.c:1486:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((uint8_t *) s, signature + curve->num_bytes, curve->num_bytes);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/asn1.c:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char const *asn1_type_classes[4] = {"Universal", "Application", "Context-specific", "Private"};
data/h2o-2.2.5+dfsg2/deps/picotls/lib/cifra.c:67:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC)) == -1) {
data/h2o-2.2.5+dfsg2/deps/picotls/lib/cifra.c:68:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/random", O_RDONLY | O_CLOEXEC)) == -1) {
data/h2o-2.2.5+dfsg2/deps/picotls/lib/cifra.c:342:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->chacha.nonce, iv, sizeof ctx->chacha.nonce);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/cifra.c:406:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf + 16 - PTLS_CHACHA20POLY1305_IV_SIZE, iv, PTLS_CHACHA20POLY1305_IV_SIZE);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/pembase64.c:274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/h2o-2.2.5+dfsg2/deps/picotls/lib/pembase64.c:313:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
F = fopen(pem_fname, "r");
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:438:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newp, buf->base, buf->off);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:456:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->base + buf->off, src, len);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:582:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf->base + rec_start + 5, bodylen);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:1025:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((is_enc ? &tls->traffic_protection.enc : &tls->traffic_protection.dec)->secret, tls->early_data->next_secret,
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:1123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + datalen, context_string, strlen(context_string) + 1);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:1198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char session_id_smallbuf[128];
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:1935:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->traffic_protection.enc.secret, send_secret, sizeof(send_secret));
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:2498:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
EMIT_SERVER_HELLO((sched), { memcpy(sendbuf->base + sendbuf->off, hello_retry_random, PTLS_HELLO_RANDOM_SIZE); }, \
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:2537:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->server_name, ch.server_name.base, ch.server_name.len);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:2707:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(properties->server.selected_psk_binder.base, selected->base, selected->len);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:2895:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->traffic_protection.dec.secret, tls->server.pending_traffic_secret, sizeof(tls->server.pending_traffic_secret));
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:2961:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->recvbuf.rec.base + tls->recvbuf.rec.off, src, addlen);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:3077:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(duped, server_name, server_name_len);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:3101:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(duped, protocol, protocol_len);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:3251:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->recvbuf.mess.base + tls->recvbuf.mess.off, rec->fragment, rec->length);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:3281:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->recvbuf.mess.base, src, src_end - src);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:3584:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key, key, key_size);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:3626:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)output + off_start, digest, off_end - off_start);
data/h2o-2.2.5+dfsg2/deps/picotls/t/cli.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytebuf[16384];
data/h2o-2.2.5+dfsg2/deps/picotls/t/cli.c:76:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((inputfd = open(input_file, O_RDONLY)) == -1) {
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enc1[256], enc2[256], dec1[256], dec2[256];
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enc[256], dec[256];
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:257:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(test_fragmented_message_queue.vec[test_fragmented_message_queue.count].buf, message.base, message.len);
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:332:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ptls_set_negotiated_protocol(tls, (const char *)protocols[0].base, protocols[0].len);
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:558:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->base + dst->off, src.base, src.len);
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:569:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saved_ticket.base, src.base, src.len);
data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h:54:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "rb")) == NULL) {
data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[MAXPATHLEN];
data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h:82:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(self->fn, "wb")) == NULL) {
data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h:103:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "rb")) != NULL) {
data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h:150:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ls.fp = fopen(fn, "at")) == NULL) {
data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h:178:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->data.base, src.base, src.len);
data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h:184:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->base + dst->off, self->id, sizeof(self->id));
data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h:198:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->base + dst->off, self->data.base, self->data.len);
data/h2o-2.2.5+dfsg2/deps/picotls/t/util.h:233:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sa, res->ai_addr, res->ai_addrlen);
data/h2o-2.2.5+dfsg2/deps/ssl-conservatory/openssl/test_client.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[1024];
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:107:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*a_pointer, *b_start, *b_pointer - *b_start);
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:258:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, parser->input.string.current, size);
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:420:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emitter->output.string.buffer
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:429:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emitter->output.string.buffer
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:848:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value_copy, value, length);
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:1224:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value_copy, value, length);
data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c:2180:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent_hint[2];
data/h2o-2.2.5+dfsg2/deps/yaml/src/parser.c:613:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag, tag_directive->prefix, prefix_len);
data/h2o-2.2.5+dfsg2/deps/yaml/src/parser.c:614:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag+prefix_len, tag_suffix, suffix_len);
data/h2o-2.2.5+dfsg2/deps/yaml/src/scanner.c:2601:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(string.start, head+1, length-1);
data/h2o-2.2.5+dfsg2/deps/yaml/tests/example-deconstructor-alt.c:208:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[64];
data/h2o-2.2.5+dfsg2/deps/yaml/tests/example-deconstructor-alt.c:226:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number, "%d", version->major);
data/h2o-2.2.5+dfsg2/deps/yaml/tests/example-deconstructor-alt.c:238:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number, "%d", version->minor);
data/h2o-2.2.5+dfsg2/deps/yaml/tests/example-deconstructor.c:244:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[64];
data/h2o-2.2.5+dfsg2/deps/yaml/tests/example-deconstructor.c:275:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number, "%d", version->major);
data/h2o-2.2.5+dfsg2/deps/yaml/tests/example-deconstructor.c:294:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number, "%d", version->minor);
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-dumper.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[BUFFER_SIZE];
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-dumper.c:171:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(name, "rb");
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-dumper.c:229:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[BUFFER_SIZE];
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-dumper.c:243:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(argv[number], "rb");
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-emitter.c:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[BUFFER_SIZE];
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-emitter.c:197:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(name, "rb");
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-emitter.c:254:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[BUFFER_SIZE];
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-emitter.c:268:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(argv[number], "rb");
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-loader.c:33:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(argv[number], "rb");
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-parser.c:33:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(argv[number], "rb");
data/h2o-2.2.5+dfsg2/deps/yaml/tests/run-scanner.c:33:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(argv[number], "rb");
data/h2o-2.2.5+dfsg2/deps/yaml/tests/test-version.c:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/h2o-2.2.5+dfsg2/deps/yaml/tests/test-version.c:20:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d.%d.%d", major, minor, patch);
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char unix_listener[PATH_MAX];
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[1 * 1024 * 1024];
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:339:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
client_timeout_ms = atoi(client_timeout_ms_str);
data/h2o-2.2.5+dfsg2/include/h2o.h:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rfc1123[H2O_TIMESTR_RFC1123_LEN + 1];
data/h2o-2.2.5+dfsg2/include/h2o.h:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log[H2O_TIMESTR_LOG_LEN + 1];
data/h2o-2.2.5+dfsg2/include/h2o/filecache.h:44:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[H2O_TIMESTR_RFC1123_LEN + 1];
data/h2o-2.2.5+dfsg2/include/h2o/filecache.h:47:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[H2O_FILECACHE_ETAG_MAXLEN + 1];
data/h2o-2.2.5+dfsg2/include/h2o/filecache.h:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _path[1];
data/h2o-2.2.5+dfsg2/include/h2o/http2_internal.h:150:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint32_t open;
data/h2o-2.2.5+dfsg2/include/h2o/http2_internal.h:369:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
--stream->_num_streams_slot->open;
data/h2o-2.2.5+dfsg2/include/h2o/http2_internal.h:370:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
++slot->open;
data/h2o-2.2.5+dfsg2/include/h2o/http2_internal.h:432:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
--stream->_num_streams_slot->open;
data/h2o-2.2.5+dfsg2/include/h2o/memory.h:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[1];
data/h2o-2.2.5+dfsg2/include/h2o/memory.h:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _buf[1];
data/h2o-2.2.5+dfsg2/include/h2o/memory.h:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn_template[FILENAME_MAX];
data/h2o-2.2.5+dfsg2/include/h2o/memory.h:311:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(dst, src, n);
data/h2o-2.2.5+dfsg2/lib/common/cache.c:109:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
h = (h << 5) - h + ((unsigned char *)s)[l - 1];
data/h2o-2.2.5+dfsg2/lib/common/file.c:39:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fn, O_RDONLY | O_CLOEXEC)) == -1)
data/h2o-2.2.5+dfsg2/lib/common/filecache.c:118:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ref->fd = open(path, oflag)) != -1 && fstat(ref->fd, &ref->st) == 0) {
data/h2o-2.2.5+dfsg2/lib/common/filecache.c:159:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, ref->_last_modified.str, H2O_TIMESTR_RFC1123_LEN + 1);
data/h2o-2.2.5+dfsg2/lib/common/filecache.c:167:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ref->_etag.len = sprintf(ref->_etag.buf, "\"%08x-%zx\"", (unsigned)ref->st.st_mtime, (size_t)ref->st.st_size);
data/h2o-2.2.5+dfsg2/lib/common/filecache.c:168:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, ref->_etag.buf, ref->_etag.len + 1);
data/h2o-2.2.5+dfsg2/lib/common/hostinfo.c:124:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->_in.name, name.base, name.len);
data/h2o-2.2.5+dfsg2/lib/common/hostinfo.c:127:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->_in.serv, serv.base, serv.len);
data/h2o-2.2.5+dfsg2/lib/common/hostinfo.c:209:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[4];
data/h2o-2.2.5+dfsg2/lib/common/http1client.c:264:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
h2o_strtolower((char *)src_headers[i].name, src_headers[i].name_len);
data/h2o-2.2.5+dfsg2/lib/common/http1client.c:521:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serv[sizeof("65536")];
data/h2o-2.2.5+dfsg2/lib/common/http1client.c:552:80: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
h2o_hostinfo_getaddr(ctx->getaddr_receiver, host, h2o_iovec_init(serv, sprintf(serv, "%u", (unsigned)port)), AF_UNSPEC,
data/h2o-2.2.5+dfsg2/lib/common/memcached.c:73:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[1];
data/h2o-2.2.5+dfsg2/lib/common/memcached.c:87:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->key.base, ctx->prefix.base, ctx->prefix.len);
data/h2o-2.2.5+dfsg2/lib/common/memcached.c:92:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->key.base + req->key.len, key.base, key.len);
data/h2o-2.2.5+dfsg2/lib/common/memcached.c:275:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->data.get.value.base, resp.data, resp.data_len);
data/h2o-2.2.5+dfsg2/lib/common/memcached.c:391:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->data.set.value.base, value.base, value.len);
data/h2o-2.2.5+dfsg2/lib/common/memory.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[4096 - sizeof(void *) * 2];
data/h2o-2.2.5+dfsg2/lib/common/memory.c:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[1];
data/h2o-2.2.5+dfsg2/lib/common/memory.c:250:31: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(tmpfn)) == -1) {
data/h2o-2.2.5+dfsg2/lib/common/memory.c:279:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newp->_buf, inbuf->bytes, inbuf->size);
data/h2o-2.2.5+dfsg2/lib/common/memory.c:297:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newp->_buf, inbuf->bytes, inbuf->size);
data/h2o-2.2.5+dfsg2/lib/common/memory.c:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/h2o-2.2.5+dfsg2/lib/common/memory.c:361:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, x, blocksz);
data/h2o-2.2.5+dfsg2/lib/common/memory.c:362:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, y, blocksz);
data/h2o-2.2.5+dfsg2/lib/common/memory.c:363:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(y, buf, blocksz);
data/h2o-2.2.5+dfsg2/lib/common/serverutil.c:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536]; /* should be large enough */
data/h2o-2.2.5+dfsg2/lib/common/serverutil.c:132:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newenv, environ, sizeof(*newenv) * num);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:158:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, sock->ssl->input.encrypted->bytes, len);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:168:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes_alloced, in, len);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:259:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reserved.base, rbuf.base, rbuf.off);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:733:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sock->_peername->addr, sa, len);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:740:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sa, &sock->_peername->addr, sock->_peername->len);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:896:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(buf, "%d.%d.%d.%d", addr >> 24, (addr >> 16) & 255, (addr >> 8) & 255, addr & 255);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:1088:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(first_input.base, sock->ssl->input.encrypted->bytes, first_input.len);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:1113:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sock->ssl->input.encrypted->bytes, first_input.base, first_input.len);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:1381:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*out = (const unsigned char *)protocols[i].base;
data/h2o-2.2.5+dfsg2/lib/common/socket/evloop.c.h:268:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufs, _bufs, sizeof(*bufs) * bufcnt);
data/h2o-2.2.5+dfsg2/lib/common/socket/evloop.c.h:295:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sock->_wreq.bufs, bufs, sizeof(h2o_iovec_t) * bufcnt);
data/h2o-2.2.5+dfsg2/lib/common/socket/uv-binding.c.h:42:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_buf, &buf, sizeof(buf));
data/h2o-2.2.5+dfsg2/lib/common/socket/uv-binding.c.h:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_buf, &buf, sizeof(buf));
data/h2o-2.2.5+dfsg2/lib/common/socketpool.c:107:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[NI_MAXHOST];
data/h2o-2.2.5+dfsg2/lib/common/socketpool.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pool->peer.sockaddr.bytes, sa, salen);
data/h2o-2.2.5+dfsg2/lib/common/socketpool.c:139:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pool->peer.named_serv.len = sprintf(pool->peer.named_serv.base, "%u", (unsigned)port);
data/h2o-2.2.5+dfsg2/lib/common/socketpool.c:258:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/h2o-2.2.5+dfsg2/lib/common/string.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret.base, s, slen);
data/h2o-2.2.5+dfsg2/lib/common/string.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret.base, src, ret.len);
data/h2o-2.2.5+dfsg2/lib/common/string.c:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remaining_input[4];
data/h2o-2.2.5+dfsg2/lib/common/string.c:508:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(escaped.base + escaped.len, quoted, sizeof(quoted) - 1); \
data/h2o-2.2.5+dfsg2/lib/common/time.c:29:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, ("SunMonTueWedThuFriSat") + wday * 3, 3);
data/h2o-2.2.5+dfsg2/lib/common/time.c:35:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, ("JanFebMarAprMayJunJulAugSepOctNovDec") + mon * 3, 3);
data/h2o-2.2.5+dfsg2/lib/common/time.c:71:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, " GMT", 4);
data/h2o-2.2.5+dfsg2/lib/common/url.c:403:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sa->sun_path, host.base + sizeof(PREFIX) - 1, host.len - (sizeof(PREFIX) - 1));
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:202:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errbuf, "failed to compile log format: unknown specifier for %%{...}p");
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:277:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errbuf, "failed to compile log format: header name is not followed by either `i`, `o`, `x`, `e`");
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:307:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errbuf, "failed to compile log format: unknown escape sequence: %%%c", pt[-1]);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:364:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, src, len);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:422:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, nullexpr.base, nullexpr.len);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:441:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, nullexpr.base, nullexpr.len);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:478:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newpt, line, *cur_size);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:634:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(pos, "%03u", (unsigned)(req->processed_at.at.tv_usec / 1000));
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:640:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(pos, "%06u", (unsigned)req->processed_at.at.tv_usec);
data/h2o-2.2.5+dfsg2/lib/core/proxy.c:94:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, merged.base, merged.len);
data/h2o-2.2.5+dfsg2/lib/core/proxy.c:97:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + merged.len + 2, added.base, added.len);
data/h2o-2.2.5+dfsg2/lib/core/proxy.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_addr[NI_MAXHOST];
data/h2o-2.2.5+dfsg2/lib/core/proxy.c:162:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newp, buf.base, offset); \
data/h2o-2.2.5+dfsg2/lib/core/proxy.c:168:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf.base + offset, (s), (l)); \
data/h2o-2.2.5+dfsg2/lib/core/proxy.c:205:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
offset += sprintf(buf.base + offset, "content-length: %zu\r\n", req->entity.len);
data/h2o-2.2.5+dfsg2/lib/core/proxy.c:216:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req_headers.entries, req->headers.entries, sizeof(req->headers.entries[0]) * req->headers.size);
data/h2o-2.2.5+dfsg2/lib/core/request.c:96:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostname_lc, hostname.base, hostname.len);
data/h2o-2.2.5+dfsg2/lib/core/request.c:243:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->buf.base, src->buf.base, src->buf.len); \
data/h2o-2.2.5+dfsg2/lib/core/request.c:589:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, req->path.base, req->path.len);
data/h2o-2.2.5+dfsg2/lib/core/request.c:592:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, req->path.base, 29);
data/h2o-2.2.5+dfsg2/lib/core/request.c:594:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, "...", 3);
data/h2o-2.2.5+dfsg2/lib/core/util.c:294:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, PREFIX, sizeof(PREFIX) - 1);
data/h2o-2.2.5+dfsg2/lib/core/util.c:300:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, PROTO, sizeof(PROTO) - 1);
data/h2o-2.2.5+dfsg2/lib/core/util.c:321:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, "PROXY TCP4 ", 11);
data/h2o-2.2.5+dfsg2/lib/core/util.c:325:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, "PROXY TCP6 ", 11);
data/h2o-2.2.5+dfsg2/lib/core/util.c:345:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
dst += sprintf(dst, "%" PRIu16 " %" PRIu16 "\r\n", peerport, (uint16_t)h2o_socket_getport((void *)&ss));
data/h2o-2.2.5+dfsg2/lib/core/util.c:350:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "PROXY UNKNOWN\r\n", 15);
data/h2o-2.2.5+dfsg2/lib/core/util.c:401:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filtered_value->base + filtered_value->len, ", ", 2); \
data/h2o-2.2.5+dfsg2/lib/core/util.c:404:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filtered_value->base + filtered_value->len, (s), (e) - (s)); \
data/h2o-2.2.5+dfsg2/lib/handler/access_log.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *logline, buf[4096];
data/h2o-2.2.5+dfsg2/lib/handler/access_log.c:79:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4] = {"/bin/sh", "-c", (char *)(path + 1), NULL};
data/h2o-2.2.5+dfsg2/lib/handler/access_log.c:100:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC, 0644)) == -1) {
data/h2o-2.2.5+dfsg2/lib/handler/access_log.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/h2o-2.2.5+dfsg2/lib/handler/chunked.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/h2o-2.2.5+dfsg2/lib/handler/chunked.c:47:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outbufs[outbufcnt].len = sprintf(self->buf, "%zx\r\n", chunk_size);
data/h2o-2.2.5+dfsg2/lib/handler/chunked.c:50:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbufs + outbufcnt, inbufs, sizeof(h2o_iovec_t) * inbufcnt);
data/h2o-2.2.5+dfsg2/lib/handler/configurator/expires.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[32];
data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c:233:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[10];
data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c:239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h2o_user_buf[65536];
data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c:306:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sa.sun_path, "/dry-run.nonexistent");
data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c:345:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->vars + 1, self->vars, sizeof(*self->vars));
data/h2o-2.2.5+dfsg2/lib/handler/configurator/headers_util.c:123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, prefix, prefix_len); \
data/h2o-2.2.5+dfsg2/lib/handler/configurator/headers_util.c:124:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name + prefix_len, suffix, sizeof(suffix))
data/h2o-2.2.5+dfsg2/lib/handler/configurator/mruby.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/h2o-2.2.5+dfsg2/lib/handler/configurator/mruby.c:87:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(node->data.scalar, "rt")) == NULL) {
data/h2o-2.2.5+dfsg2/lib/handler/configurator/mruby.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/h2o-2.2.5+dfsg2/lib/handler/configurator/mruby.c:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->vars + 1, self->vars, sizeof(*self->vars));
data/h2o-2.2.5+dfsg2/lib/handler/configurator/proxy.c:293:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->vars + 1, self->vars, sizeof(*self->vars));
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:134:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(decoded, s, sizeof(*decoded));
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:153:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(slot->base + slot->len, s, len);
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lenbuf[8];
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NI_MAXHOST];
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:201:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[6];
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:227:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:228:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int l = sprintf(buf, "%zu", req->entity.len);
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:249:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_end - path_info.len, path_info.base, path_info.len);
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:250:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_end - path_info.len - config->document_root.len, config->document_root.base, config->document_root.len);
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:284:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("HTTP/1.1")];
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:331:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, h->value.base, h->value.len);
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:337:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, h->value.base, h->value.len);
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:503:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
h2o_strtolower((char *)headers[i].name, headers[i].name_len);
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:563:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reserved.base, src, len);
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:589:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h2o_buffer_reserve(&generator->resp.receiving, header->contentLength).base, input->bytes + FCGI_RECORD_HEADER_SIZE,
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:599:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h2o_buffer_reserve(&generator->resp.receiving, header->contentLength).base,
data/h2o-2.2.5+dfsg2/lib/handler/file.c:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_modified[H2O_TIMESTR_RFC1123_LEN + 1];
data/h2o-2.2.5+dfsg2/lib/handler/file.c:64:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char etag[H2O_FILECACHE_ETAG_MAXLEN + 1];
data/h2o-2.2.5+dfsg2/lib/handler/file.c:249:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(variant_path, path, path_len);
data/h2o-2.2.5+dfsg2/lib/handler/file.c:268:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(variant_path, path, path_len);
data/h2o-2.2.5+dfsg2/lib/handler/file.c:269:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(variant_path + path_len, ".gz");
data/h2o-2.2.5+dfsg2/lib/handler/file.c:354:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
content_range.len = sprintf(content_range.base, "bytes %zd-%zd/%zd", self->ranged.range_infos[0],
data/h2o-2.2.5+dfsg2/lib/handler/file.c:637:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char etag[H2O_FILECACHE_ETAG_MAXLEN + 1];
data/h2o-2.2.5+dfsg2/lib/handler/file.c:666:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
content_range.len = sprintf(content_range.base, "bytes */%zu", generator->bytesleft);
data/h2o-2.2.5+dfsg2/lib/handler/file.c:755:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rpath + rpath_len, self->real_path.base, self->real_path.len);
data/h2o-2.2.5+dfsg2/lib/handler/file.c:757:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rpath + rpath_len, req->path_normalized.base + req_path_prefix, req->path_normalized.len - req_path_prefix);
data/h2o-2.2.5+dfsg2/lib/handler/file.c:766:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rpath + rpath_len, index_file->base, index_file->len);
data/h2o-2.2.5+dfsg2/lib/handler/file/_templates.c.h:46:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[NAME_MAX + 1]; \
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:46:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[NAME_MAX + 1]; \
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:79:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:87:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:95:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:103:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:111:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:125:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:133:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:141:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:149:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:157:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:166:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_->bytes + _->size, _s.base, _s.len);
data/h2o-2.2.5+dfsg2/lib/handler/headers_util.c:51:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_cmds, *cmds, cnt * sizeof(*new_cmds));
data/h2o-2.2.5+dfsg2/lib/handler/headers_util.c:105:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v.base, target->value.base, target->value.len);
data/h2o-2.2.5+dfsg2/lib/handler/headers_util.c:108:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v.base + target->value.len + 2, cmd->value.base, cmd->value.len);
data/h2o-2.2.5+dfsg2/lib/handler/http2_debug_state.c:45:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
conn_flow_in.len = sprintf(conn_flow_in.base, "%zd", debug_state->conn_flow_in);
data/h2o-2.2.5+dfsg2/lib/handler/http2_debug_state.c:47:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
conn_flow_out.len = sprintf(conn_flow_out.base, "%zd", debug_state->conn_flow_out);
data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret.base, s, ret.len + 1);
data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c:355:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lcbuf[256];
data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c:358:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lcbuf, ext.base, ext.len);
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:141:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errbuf, "\n\n");
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:208:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret.base, KEY_PREFIX, KEY_PREFIX_LEN);
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NI_MAXHOST];
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:462:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char http_version[sizeof("HTTP/1.0")];
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:497:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:498:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int l = sprintf(buf, "%zu", generator->req->entity.len);
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:705:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, RSTRING_PTR(e), RSTRING_LEN(e));
data/h2o-2.2.5+dfsg2/lib/handler/mruby/chunked.c:217:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chunked->callback.receiving->bytes + chunked->callback.receiving->size, s, len);
data/h2o-2.2.5+dfsg2/lib/handler/mruby/http_request.c:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->resp.after_closed->bytes + ctx->resp.after_closed->size, errstr, errstr_len);
data/h2o-2.2.5+dfsg2/lib/handler/mruby/http_request.c:287:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*buf)->bytes + (*buf)->size, src, len);
data/h2o-2.2.5+dfsg2/lib/handler/mruby/http_request.c:400:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/h2o-2.2.5+dfsg2/lib/handler/mruby/http_request.c:401:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t l = (size_t)sprintf(buf, "content-length: %zu\r\n", ctx->req.body.len);
data/h2o-2.2.5+dfsg2/lib/handler/status/requests.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/h2o-2.2.5+dfsg2/lib/handler/status/requests.c:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cbdata->buffer->bytes + cbdata->buffer->size, logline, len);
data/h2o-2.2.5+dfsg2/lib/handler/status/requests.c:77:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsc->req_data.base + rsc->req_data.len, cbdata.buffer->bytes, cbdata.buffer->size);
data/h2o-2.2.5+dfsg2/lib/handler/status/requests.c:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/h2o-2.2.5+dfsg2/lib/http1.c:283:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig_case[src[i].name_len];
data/h2o-2.2.5+dfsg2/lib/http1.c:286:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(orig_case, src[i].name, src[i].name_len);
data/h2o-2.2.5+dfsg2/lib/http1.c:288:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
h2o_strtolower((char *)src[i].name, src[i].name_len);
data/h2o-2.2.5+dfsg2/lib/http1.c:292:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
host->base = (char *)src[i].value;
data/h2o-2.2.5+dfsg2/lib/http1.c:300:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
expect->base = (char *)src[i].value;
data/h2o-2.2.5+dfsg2/lib/http1.c:303:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
upgrade->base = (char *)src[i].value;
data/h2o-2.2.5+dfsg2/lib/http1.c:645:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, header->orig_name ? header->orig_name : header->name->base, header->name->len);
data/h2o-2.2.5+dfsg2/lib/http1.c:649:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, header->value.base, header->value.len);
data/h2o-2.2.5+dfsg2/lib/http1.c:741:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufs + bufcnt, inbufs, sizeof(h2o_iovec_t) * inbufcnt);
data/h2o-2.2.5+dfsg2/lib/http2/cache_digests.c:146:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[SHA256_DIGEST_LENGTH];
data/h2o-2.2.5+dfsg2/lib/http2/casper.c:45:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[SHA_DIGEST_LENGTH];
data/h2o-2.2.5+dfsg2/lib/http2/casper.c:132:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(casper->keys.entries, keys, num_keys * sizeof(*keys));
data/h2o-2.2.5+dfsg2/lib/http2/casper.c:170:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, s, l);
data/h2o-2.2.5+dfsg2/lib/http2/casper.c:183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tiny_bin_buf[128], *bin_buf = tiny_bin_buf;
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:361:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (conn->num_streams.pull.open > H2O_HTTP2_SETTINGS_HOST.max_concurrent_streams) {
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:430:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->_headers_unparsed->bytes + conn->_headers_unparsed->size, frame.payload, frame.length);
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:532:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf.base, payload.data, payload.length);
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:621:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->_headers_unparsed->bytes, payload.headers, payload.headers_len);
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:655:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (conn->num_streams.priority.open >= conn->super.ctx->globalconf->http2.max_streams_for_priority) {
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:864:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vec.base, SETTINGS_HOST_BIN.base, SETTINGS_HOST_BIN.len);
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:940:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sock->input->bytes, conn->_http1_req_input->bytes + reqsize, remaining_bytes);
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:1269:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
conn->num_streams.push.open >= conn->peer_settings.max_concurrent_streams)
data/h2o-2.2.5+dfsg2/lib/http2/frame.c:93:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, data, 8);
data/h2o-2.2.5+dfsg2/lib/http2/hpack.c:245:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->base, *src, len);
data/h2o-2.2.5+dfsg2/lib/http2/hpack.c:444:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)dst, "%d", status);
data/h2o-2.2.5+dfsg2/lib/http2/hpack.c:454:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32], *p = buf + sizeof(buf);
data/h2o-2.2.5+dfsg2/lib/http2/hpack.c:464:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, p, l);
data/h2o-2.2.5+dfsg2/lib/http2/hpack.c:642:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, s, len);
data/h2o-2.2.5+dfsg2/lib/http2/hpack.c:662:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, head, head_len);
data/h2o-2.2.5+dfsg2/lib/http2/hpack.c:739:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->name->base, name->base, name->len);
data/h2o-2.2.5+dfsg2/lib/http2/hpack.c:743:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->value->base, value->base, value->len);
data/h2o-2.2.5+dfsg2/lib/http2/stream.c:59:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
++conn->num_streams.priority.open;
data/h2o-2.2.5+dfsg2/lib/http2/stream.c:178:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst.base, bufs->base, fill_size);
data/h2o-2.2.5+dfsg2/lib/http2/stream.c:364:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream->_data.entries, bufs, sizeof(h2o_iovec_t) * bufcnt);
data/h2o-2.2.5+dfsg2/lib/websocket.c:34:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_src, client_key, 24);
data/h2o-2.2.5+dfsg2/lib/websocket.c:35:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_src + 24, WS_GUID, 36);
data/h2o-2.2.5+dfsg2/lib/websocket.c:80:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, conn->sock->input->bytes, len);
data/h2o-2.2.5+dfsg2/lib/websocket.c:98:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->_write_buf, data, len);
data/h2o-2.2.5+dfsg2/lib/websocket.c:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char accept_key[29];
data/h2o-2.2.5+dfsg2/src/main.c:163:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _unused1_avoir_false_sharing[32];
data/h2o-2.2.5+dfsg2/src/main.c:166:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _unused2_avoir_false_sharing[32];
data/h2o-2.2.5+dfsg2/src/main.c:169:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _unused3_avoir_false_sharing[32];
data/h2o-2.2.5+dfsg2/src/main.c:416:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp, ssl_conf->ocsp_stapling.response.data->bytes, len);
data/h2o-2.2.5+dfsg2/src/main.c:699:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[NEVERBLEED_ERRBUF_SIZE];
data/h2o-2.2.5+dfsg2/src/main.c:845:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&listener->addr, addr, addrlen);
data/h2o-2.2.5+dfsg2/src/main.c:894:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwbuf_buf[65536];
data/h2o-2.2.5+dfsg2/src/main.c:1298:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(h2o_socket_buffer_mmap_settings.fn_template)];
data/h2o-2.2.5+dfsg2/src/main.c:1333:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(parse_args->filename, "rb")) == NULL) {
data/h2o-2.2.5+dfsg2/src/main.c:1701:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[NI_MAXHOST], serv[NI_MAXSERV];
data/h2o-2.2.5+dfsg2/src/main.c:1806:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_time[H2O_TIMESTR_LOG_LEN + 1], restart_time[H2O_TIMESTR_LOG_LEN + 1];
data/h2o-2.2.5+dfsg2/src/main.c:2174:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(conf.pid_file, "wt");
data/h2o-2.2.5+dfsg2/src/ssl.c:147:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char name[16];
data/h2o-2.2.5+dfsg2/src/ssl.c:253:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_name, ticket->name, sizeof(ticket->name));
data/h2o-2.2.5+dfsg2/src/ssl.c:364:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char name[sizeof(ticket->name) + 1], *key;
data/h2o-2.2.5+dfsg2/src/ssl.c:372:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "node is not a mapping");
data/h2o-2.2.5+dfsg2/src/ssl.c:379:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, " mandatory attribute `" n "` is missing"); \
data/h2o-2.2.5+dfsg2/src/ssl.c:383:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "attribute `" n "` is not a string"); \
data/h2o-2.2.5+dfsg2/src/ssl.c:391:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "length of `name` attribute is not 32 bytes");
data/h2o-2.2.5+dfsg2/src/ssl.c:395:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "failed to decode the hex-encoded name");
data/h2o-2.2.5+dfsg2/src/ssl.c:401:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "cannot find the named cipher algorithm");
data/h2o-2.2.5+dfsg2/src/ssl.c:407:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "cannot find the named hash algorgithm");
data/h2o-2.2.5+dfsg2/src/ssl.c:414:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errstr, "length of the `key` attribute is incorrect (is %zu, must be %zu)\n", strlen(t->data.scalar),
data/h2o-2.2.5+dfsg2/src/ssl.c:420:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "failed to decode the hex-encoded key");
data/h2o-2.2.5+dfsg2/src/ssl.c:426:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "failed to parse the `not_before` attribute");
data/h2o-2.2.5+dfsg2/src/ssl.c:432:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "failed to parse the `not_after` attribute");
data/h2o-2.2.5+dfsg2/src/ssl.c:437:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "`not_after` is not equal to or greater than `not_before`");
data/h2o-2.2.5+dfsg2/src/ssl.c:445:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ticket->cipher.key, key, EVP_CIPHER_key_length(cipher));
data/h2o-2.2.5+dfsg2/src/ssl.c:446:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ticket->hmac.key, key + EVP_CIPHER_key_length(cipher), EVP_MD_block_size(hash));
data/h2o-2.2.5+dfsg2/src/ssl.c:466:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errstr, "root element is not a sequence");
data/h2o-2.2.5+dfsg2/src/ssl.c:470:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/h2o-2.2.5+dfsg2/src/ssl.c:520:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/h2o-2.2.5+dfsg2/src/ssl.c:611:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/h2o-2.2.5+dfsg2/src/ssl.c:617:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/h2o-2.2.5+dfsg2/src/ssl.c:652:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/h2o-2.2.5+dfsg2/t/00unit/lib/common/string.c:207:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/h2o-2.2.5+dfsg2/t/00unit/lib/common/string.c:266:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[160];
data/h2o-2.2.5+dfsg2/t/00unit/lib/common/time.c:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[H2O_TIMESTR_RFC1123_LEN + 1];
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in[256];
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:37:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(in, "PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\nabc");
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:45:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(in, "PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r");
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:49:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(in, "PROXY TCP5");
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:53:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(in, "PROXY UNKNOWN");
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:57:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(in, "PROXY UNKNOWN\r\nabc");
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:62:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(in, "PROXY TCP6 ::1 ::1 56324 443\r\n");
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/compress.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char decbuf[expectedlen + 1];
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/fastcgi.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/fastcgi.c:57:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + offset, vecs[*index].base, vecs[*index].len);
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:268:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lm_date[H2O_TIMESTR_RFC1123_LEN + 1];
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:282:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lm_date, conn->req.res.headers.entries[lm_index].value.base, H2O_TIMESTR_RFC1123_LEN);
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:536:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boundary[BOUNDARY_SIZE + 1];
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:549:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(boundary, content_type.base + mimebaselen, BOUNDARY_SIZE);
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:566:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boundary[BOUNDARY_SIZE + 1];
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:579:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(boundary, content_type.base + mimebaselen, BOUNDARY_SIZE);
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/mimemap.c:73:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("text/plain")];
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/mimemap.c:74:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "text/plain");
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/casper.c:40:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&expected, "\x14\xfe\x45\x59", 4);
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/hpack.c:292:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("www.example.com")];
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/scheduler.c:65:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char output[1024];
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/scheduler.c:388:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output + strlen(output), "%u", (unsigned)h2o_http2_scheduler_get_weight(&n->ref));
data/h2o-2.2.5+dfsg2/t/00unit/src/ssl.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr[256];
data/h2o-2.2.5+dfsg2/t/00unit/test.c:34:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->body->bytes + conn->body->size, inbufs[i].base, inbufs[i].len);
data/h2o-2.2.5+dfsg2/t/00unit/test.c:107:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bin[SHA_DIGEST_LENGTH];
data/h2o-2.2.5+dfsg2/t/00unit/test.c:108:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hexbuf[SHA_DIGEST_LENGTH * 2 + 1];
data/h2o-2.2.5+dfsg2/deps/brotli/tools/bro.cc:50:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t argv0_len = strlen(argv[0]);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:236:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
netwrite(ftp->ctrl_fd, cmd, strlen(cmd));
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:309:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fp->host, fn + 6, l);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:310:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp->retr = (char*)calloc(strlen(p) + 8, 1);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:312:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp->size_cmd = (char*)calloc(strlen(p) + 8, 1);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:381:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fp->http_host, fn + 7, l);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.c:520:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr = read(fp->fd, buf + l, rest);
data/h2o-2.2.5+dfsg2/deps/klib/knetfile.h:8:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define netread(fd, ptr, len) read(fd, ptr, len)
data/h2o-2.2.5+dfsg2/deps/klib/knhx.c:39:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r->name, nbeg, nend - nbeg);
data/h2o-2.2.5+dfsg2/deps/klib/knhx.c:131:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p->name) kputsn(p->name, strlen(p->name), s);
data/h2o-2.2.5+dfsg2/deps/klib/knhx.c:134:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kputsn(numbuf, strlen(numbuf), s);
data/h2o-2.2.5+dfsg2/deps/klib/knhx.c:136:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else kputsn(p->name, strlen(p->name), s);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:67:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(http_host, fn + 7, l);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:94:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fd, buf + l, 1)) { // read HTTP header; FIXME: bad efficiency
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:124:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(aux->ctrl_fd, &c, 1)) { // FIXME: this is *VERY BAD* for unbuffered I/O
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:145:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(aux->ctrl_fd, cmd, strlen(cmd));
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:163:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(host, fn + 6, l);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:164:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retr = calloc(strlen(p) + 8, 1);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:206:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(cmd);
data/h2o-2.2.5+dfsg2/deps/klib/kopen.c:218:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(argv[0], cmd + beg, end - beg);
data/h2o-2.2.5+dfsg2/deps/klib/kson.c:93:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
u->v.str = (char*)malloc(q - p + 1); strncpy(u->v.str, p, q - p); u->v.str[q-p] = 0; // equivalent to u->v.str=strndup(p, q-p)
data/h2o-2.2.5+dfsg2/deps/klib/kstring.c:68:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/h2o-2.2.5+dfsg2/deps/klib/kstring.c:178:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (char*)kmemmem(str, strlen(str), pat, strlen(pat), _prep);
data/h2o-2.2.5+dfsg2/deps/klib/kstring.c:178:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (char*)kmemmem(str, strlen(str), pat, strlen(pat), _prep);
data/h2o-2.2.5+dfsg2/deps/klib/kstring.c:183:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (char*)kmemmem(str, n, pat, strlen(pat), _prep);
data/h2o-2.2.5+dfsg2/deps/klib/kstring.h:133:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return kputsn(p, strlen(p), s);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:91:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
l = read(ku->fd, ku->buf + ku->l_buf, ku->m_buf - ku->l_buf);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:425:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha1_init_hmac(&s, (uint8_t*)key, strlen(key));
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:426:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha1_write(&s, data, strlen(data));
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:446:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(home) + 12;
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:447:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = (char*)malloc(strlen(home) + 12);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:500:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secret = id_secret + strlen(id) + 1;
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:506:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kputsn(obj, strlen(obj), &str);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:513:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kputsn(date, strlen(date), &str);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:518:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kputsn(date, strlen(date), &str);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:520:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kputsn(bucket-1, strlen(bucket-1), &str);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:525:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kputsn(id, strlen(id), &str);
data/h2o-2.2.5+dfsg2/deps/klib/kurl.c:527:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kputsn(sig, strlen(sig), &str);
data/h2o-2.2.5+dfsg2/deps/klib/test/khash_keith.c:46:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(buf) + 1;
data/h2o-2.2.5+dfsg2/deps/klib/test/kseq_bench2.c:7:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
KSTREAM_INIT(int, read, 4096)
data/h2o-2.2.5+dfsg2/deps/klib/test/kstring_test.c:12:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ks->l != strlen(correct) || strcmp(ks->s, correct) != 0) {
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc-cnt.c:256:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_get(&c, argv[1], strlen(argv[1]));
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc-cnt.c:271:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_acquire(&c, argv[1], strlen(argv[1]), resources, initial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc-cnt.c:282:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_release(&c, argv[1], strlen(argv[1]), resources);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:153:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t n = read(fd, *pdata + data_len, 1 << 20);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:209:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_get(s, argv[0], strlen(argv[0]), quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:237:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_getk(s, argv[0], strlen(argv[0]), quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:268:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_get_touch(s, key, strlen(key), expire, quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:299:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_getk_touch(s, key, strlen(key), expire, quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:327:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_lock_get(s, argv[0], strlen(argv[0]), quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:346:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:357:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_lock_getk(s, argv[0], strlen(argv[0]), quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:376:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:390:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_touch(s, key, strlen(key), expire, quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:435:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_set(s, key, strlen(key), data, data_len,
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:482:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_replace(s, key, strlen(key), data, data_len,
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:529:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_add(s, key, strlen(key), data, data_len,
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:573:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_replace_unlock(s, key, strlen(key), data, data_len,
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:616:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = yrmcds_incr(s, key, strlen(key), value, quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:618:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = yrmcds_incr2(s, key, strlen(key), value, initial, expire,
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:662:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = yrmcds_decr(s, key, strlen(key), value, quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:664:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = yrmcds_decr2(s, key, strlen(key), value, initial, expire,
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:702:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_append(s, key, strlen(key),
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:739:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_prepend(s, key, strlen(key),
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:768:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_remove(s, argv[0], strlen(argv[0]), quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:796:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_lock(s, argv[0], strlen(argv[0]), quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:814:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:825:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yrmcds_error e = yrmcds_unlock(s, argv[0], strlen(argv[0]), quiet, &serial);
data/h2o-2.2.5+dfsg2/deps/libyrmcds/yc.c:935:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = strlen(prefix);
data/h2o-2.2.5+dfsg2/deps/mruby-dir/src/Win/dirent.c:44:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t base_length = strlen(name);
data/h2o-2.2.5+dfsg2/deps/mruby-dir/src/Win/dirent.c:49:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(dir->name = (char *) malloc(base_length + strlen(all) + 1)) != 0)
data/h2o-2.2.5+dfsg2/deps/mruby-dir/src/dir.c:145:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mrb_str_resize(mrb, path, strlen(RSTRING_PTR(path)));
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:22:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* p = malloc(strlen(name) + 2);
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:25:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p, "=");
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:35:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* p = malloc(strlen(name) + strlen(value) + 2);
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:35:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* p = malloc(strlen(name) + strlen(value) + 2);
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:38:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p, "=");
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:110:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:144:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val = mrb_str_new(mrb, str, strlen(str));
data/h2o-2.2.5+dfsg2/deps/mruby-env/src/env.c:168:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mrb_ary_push(mrb, elem, mrb_str_new(mrb, str, strlen(str)));
data/h2o-2.2.5+dfsg2/deps/mruby-file-stat/src/file-stat.c:792:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mrb_str_new_static(mrb, t, (size_t)strlen(t));
data/h2o-2.2.5+dfsg2/deps/mruby-iijson/src/json.c:95:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:83:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
omask = umask(0);
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:84:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:86:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
omask = umask(mask);
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:199:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mrb_str_resize(mrb, result, strlen(RSTRING_PTR(result)));
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/file.c:212:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mrb_str_resize(mrb, path, strlen(RSTRING_PTR(path)));
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:28:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:502:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fptr->fd, RSTRING_PTR(buf), maxlen);
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:649:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mrb_value read, read_io, write, except, timeout, list;
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:685:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!mrb_nil_p(read)) {
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:686:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mrb_check_type(mrb, read, MRB_TT_ARRAY);
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:689:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i = 0; i < RARRAY_LEN(read); i++) {
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:690:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_io = RARRAY_PTR(read)[i];
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:769:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i = 0; i < RARRAY_LEN(read); i++) {
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:770:66: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fptr = (struct mrb_io *)mrb_get_datatype(mrb, RARRAY_PTR(read)[i], &mrb_io_type);
data/h2o-2.2.5+dfsg2/deps/mruby-io/src/io.c:773:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mrb_ary_push(mrb, list, RARRAY_PTR(read)[i]);
data/h2o-2.2.5+dfsg2/deps/mruby-io/test/mruby_io_test.c:27:10: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask(077);
data/h2o-2.2.5+dfsg2/deps/mruby-io/test/mruby_io_test.c:36:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(mask);
data/h2o-2.2.5+dfsg2/deps/mruby-onig-regexp/src/mruby_onig_regexp.c:435:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_end = name + strlen(name);
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:40:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(template, tempFilename, MAX_PATH);
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:124:10: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask(077);
data/h2o-2.2.5+dfsg2/deps/mruby-require/src/require.c:129:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(mask);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:196:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_file = mrb_malloc(mrb, strlen(file) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:206:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(set_file, file, strlen(file) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:206:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(set_file, file, strlen(file) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:233:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_class = mrb_malloc(mrb, strlen(class_name) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:234:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(set_class, class_name, strlen(class_name) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:234:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(set_class, class_name, strlen(class_name) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:240:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_method = mrb_malloc(mrb, strlen(method_name) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:242:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(set_method, method_name, strlen(method_name) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apibreak.c:242:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(set_method, method_name, strlen(method_name) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:45:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base) + 1;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:48:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(dir) + sizeof("/") - 1;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:56:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:74:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = p != NULL ? (size_t)(p - path) : strlen(path);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:77:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dir, path, len);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:99:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file->path = mrb_malloc(mrb, strlen(filename) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:111:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(s)) == 0) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/apilist.c:123:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(fp)) != '\n') {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:73:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*ps == '0')||(strlen(ps) >= BPNO_LETTER_NUM)) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdbreak.c:148:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*args == '0')||(strlen(args) >= LINENO_MAX_DIGIT)) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c:226:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*sp);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c:231:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(st->filename, *sp, len);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c:255:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filename);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c:258:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = mrb_malloc(mrb, len + strlen(ext) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c:259:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(s, '\0', len + strlen(ext) + 1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c:260:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, filename, len);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c:471:18: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((buf = getchar()) == EOF) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/cmdmisc.c:476:36: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (buf != '\n' && (buf = getchar()) != EOF) ;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:113:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(item) + 1;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:122:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srcpathlen = strlen(args->srcpath);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:123:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
itemlen = strlen(item);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:270:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c=getchar()) == EOF || c == '\n') break;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:281:16: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for ( ; (c=getchar()) != EOF && c !='\n'; i++) ;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:312:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*pp = ps + strlen(ps);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:344:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wlen = strlen(mrdb->words[0]);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:366:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wlen = strlen(mrdb->words[0]);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-debugger/tools/mrdb/mrdb.c:376:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wlen = strlen(mrdb->words[1]);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:323:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(word);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:443:25: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((last_char = getchar()) != '\n') {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:485:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > sizeof(last_code_line)-2) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:490:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(last_code_line, "\n");
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:498:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ruby_code)+strlen(last_code_line) > sizeof(ruby_code)-1) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:498:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ruby_code)+strlen(last_code_line) > sizeof(ruby_code)-1) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c:521:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser->send = utf8 + strlen(utf8);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c:56:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
infilelen = strlen(infile);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c:57:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extlen = strlen(ext);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:67:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*argv) <= 1) {
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:93:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(item) + 1;
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:102:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdlinelen = strlen(args->cmdline);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:103:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
itemlen = strlen(item);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-bin-strip/tools/mruby-strip/mruby-strip.c:50:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(argv[i]);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-compiler/core/codegen.c:1169:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *e = p + strlen(p);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-compiler/core/codegen.c:1195:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *e = p + strlen(p);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-compiler/core/codegen.c:2895:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname_len = strlen(s->filename);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:37:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*t |= EXTENDSIGN(3, strlen(t));
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:882:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(++s, RSTRING_PTR(val), sizeof(nbuf)-1);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:909:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(s);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:941:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(prefix);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-sprintf/src/sprintf.c:967:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = (int)strlen(prefix);
data/h2o-2.2.5+dfsg2/deps/mruby/mrbgems/mruby-time/src/time.c:552:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s)-1; /* truncate the last newline */
data/h2o-2.2.5+dfsg2/deps/mruby/src/debug.c:159:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn_len = strlen(irep->filename);
data/h2o-2.2.5+dfsg2/deps/mruby/src/dump.c:388:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(irep->filename); /* filename */
data/h2o-2.2.5+dfsg2/deps/mruby/src/dump.c:409:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename_len = strlen(irep->filename);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:171:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:589:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(str);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:619:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(utf8);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:727:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(RSTR_PTR(s)) ^ RSTR_LEN(s)) != 0) {
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:2189:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mrb_str_len_to_inum(mrb, str, strlen(str), base, badcheck);
data/h2o-2.2.5+dfsg2/deps/mruby/src/string.c:2596:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mrb_str_cat(mrb, str, ptr, strlen(ptr));
data/h2o-2.2.5+dfsg2/deps/mruby/src/symbol.c:107:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mrb_intern(mrb, name, strlen(name));
data/h2o-2.2.5+dfsg2/deps/mruby/src/symbol.c:137:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mrb_check_intern(mrb, name, (mrb_int)strlen(name));
data/h2o-2.2.5+dfsg2/deps/mruby/src/symbol.c:412:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!symname_p(name) || strlen(name) != (size_t)len) {
data/h2o-2.2.5+dfsg2/deps/mruby/src/symbol.c:438:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (symname_p(name) && strlen(name) == (size_t)len) {
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:136:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((r = read(fd, p, sz)) == -1 && errno == EINTR)
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:190:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(s) + 1;
data/h2o-2.2.5+dfsg2/deps/neverbleed/neverbleed.c:1198:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(close_notify_fd, &b, 1);
data/h2o-2.2.5+dfsg2/deps/neverbleed/test.c:84:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SSL_write(ssl, resp, strlen(resp));
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:36:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(t) == l && memcmp(s, t, l) == 0;
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:54:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last_len) == (exp == 0 ? strlen(s) : exp)); \
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:114:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PARSE("GET /hoge HTTP/1.0\r\n\r", strlen("GET /hoge HTTP/1.0\r\n\r") - 1, -2, "slowloris (incomplete)");
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:115:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PARSE("GET /hoge HTTP/1.0\r\n\r\n", strlen("GET /hoge HTTP/1.0\r\n\r\n") - 1, 0, "slowloris (complete)");
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:159:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(phr_parse_response(s, strlen(s), &minor_version, &status, &msg, &msg_len, headers, &num_headers, last_len) == \
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:160:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(exp == 0 ? strlen(s) : exp)); \
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:226:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PARSE("HTTP/1.0 200 OK\r\n\r", strlen("HTTP/1.0 200 OK\r\n\r") - 1, -2, "slowloris (incomplete)");
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:227:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PARSE("HTTP/1.0 200 OK\r\n\r\n", strlen("HTTP/1.0 200 OK\r\n\r\n") - 1, 0, "slowloris (complete)");
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:247:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(phr_parse_headers(s, strlen(s), headers, &num_headers, last_len) == (exp == 0 ? strlen(s) : exp)); \
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:247:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(phr_parse_headers(s, strlen(s), headers, &num_headers, last_len) == (exp == 0 ? strlen(s) : exp)); \
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:283:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(buf);
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:288:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(bufsz == strlen(decoded));
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:292:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(bufis(buf + bufsz, ret, encoded + strlen(encoded) - ret));
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:303:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = malloc(strlen(encoded) + 1);
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:304:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t bytes_to_consume = strlen(encoded) - (expected >= 0 ? expected : 0), bytes_ready = 0, bufsz, i;
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:322:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(buf + bytes_ready);
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:326:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(bytes_ready == strlen(decoded));
data/h2o-2.2.5+dfsg2/deps/picohttpparser/test.c:347:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(buf);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/arm/boot.c:133:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen(const char *c)
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testutil.h:37:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(str) % 2 == 0);
data/h2o-2.2.5+dfsg2/deps/picotls/deps/cifra/src/testutil.h:38:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(str) / 2 <= len);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/cifra.c:76:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rret = read(fd, entropy, size)) == -1 && errno == EINTR)
data/h2o-2.2.5+dfsg2/deps/picotls/lib/pembase64.c:248:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t begin_or_end_length = strlen(begin_or_end);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/pembase64.c:259:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t label_length = strlen(label);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:1065:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptls_buffer_pushv(buf, server_name, strlen(server_name));
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:1070:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptls_buffer_pushv(buf, negotiated_protocol, strlen(negotiated_protocol));
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:1123:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(data + datalen, context_string, strlen(context_string) + 1);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:1124:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datalen += strlen(context_string) + 1;
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:1356:95: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ ptls_buffer_pushv(sendbuf, tls->server_name, strlen(tls->server_name)); });
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:2460:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
UPDATE_BLOCK(tls->server_name, tls->server_name != NULL ? strlen(tls->server_name) : 0);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:2778:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptls_buffer_pushv(sendbuf, tls->negotiated_protocol, strlen(tls->negotiated_protocol));
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:3074:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
server_name_len = strlen(server_name);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:3098:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
protocol_len = strlen(protocol);
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:3650:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptls_buffer_pushv(&hkdf_label, base_label, strlen(base_label));
data/h2o-2.2.5+dfsg2/deps/picotls/lib/picotls.c:3651:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptls_buffer_pushv(&hkdf_label, label, strlen(label));
data/h2o-2.2.5+dfsg2/deps/picotls/t/cli.c:118:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ioret = read(sockfd, bytebuf, sizeof(bytebuf))) == -1 && errno == EINTR)
data/h2o-2.2.5+dfsg2/deps/picotls/t/cli.c:165:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ioret = read(inputfd, bytebuf, sizeof(bytebuf))) == -1 && errno == EINTR)
data/h2o-2.2.5+dfsg2/deps/picotls/t/openssl.c:99:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(do_sign(sc->key, &sigbuf, ptls_iovec_init(message, strlen(message)), EVP_sha256()) == 0);
data/h2o-2.2.5+dfsg2/deps/picotls/t/openssl.c:101:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(verify_sign(sc->key, ptls_iovec_init(message, strlen(message)), ptls_iovec_init(sigbuf.base, sigbuf.off)) == 0);
data/h2o-2.2.5+dfsg2/deps/picotls/t/openssl.c:123:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(do_sign(pkey, &sigbuf, ptls_iovec_init(message, strlen(message)), EVP_sha256()) == 0);
data/h2o-2.2.5+dfsg2/deps/picotls/t/openssl.c:125:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(verify_sign(pkey, ptls_iovec_init(message, strlen(message)), ptls_iovec_init(sigbuf.base, sigbuf.off)) == 0);
data/h2o-2.2.5+dfsg2/deps/picotls/t/openssl.c:133:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BIO *bio = BIO_new_mem_buf(RSA_CERTIFICATE, strlen(RSA_CERTIFICATE));
data/h2o-2.2.5+dfsg2/deps/picotls/t/openssl.c:146:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BIO *bio = BIO_new_mem_buf(RSA_PRIVATE_KEY, strlen(RSA_PRIVATE_KEY));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:73:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptls_hmac_create(find_cipher(ctx, PTLS_CIPHER_SUITE_AES_128_GCM_SHA256)->hash, secret, strlen(secret));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:74:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hctx->update(hctx, message, strlen(message));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:113:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
enc1len = ptls_aead_encrypt_update(c, enc1, src1, strlen(src1));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:116:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
enc2len = ptls_aead_encrypt_update(c, enc2, src2, strlen(src2));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:128:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(strlen(src1) == dec1len);
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:130:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(strlen(src2) == dec2len);
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:151:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptls_aead_encrypt_init(c, 123, aad, strlen(aad));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:152:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
enclen = ptls_aead_encrypt_update(c, enc, src, strlen(src));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:159:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
declen = ptls_aead_decrypt(c, dec, enc, enclen, 123, aad, strlen(aad));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:160:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(declen == strlen(src));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:162:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
declen = ptls_aead_decrypt(c, dec, enc, enclen, 123, "my fake aad", strlen(aad));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:408:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = ptls_send(client, &cbuf, req, strlen(req));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:436:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(decbuf.off == strlen(req));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:442:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = ptls_send(server, &sbuf, resp, strlen(resp));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:473:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = ptls_send(client, &cbuf, req, strlen(req));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:480:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(decbuf.off == strlen(req));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:481:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(memcmp(decbuf.base, req, strlen(req)) == 0);
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:485:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = ptls_send(server, &sbuf, resp, strlen(resp));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:493:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(decbuf.off == strlen(resp));
data/h2o-2.2.5+dfsg2/deps/picotls/t/picotls.c:494:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(memcmp(decbuf.base, resp, strlen(resp)) == 0);
data/h2o-2.2.5+dfsg2/deps/ssl-conservatory/openssl/openssl_hostname_validation.c:55:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int certname_len = ASN1_STRING_length(certname_asn1), hostname_len = strlen(hostname);
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:735:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)tag_directive->handle)))
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:738:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)tag_directive->prefix)))
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:799:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!yaml_check_utf8(anchor, strlen((char *)anchor))) return 0;
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:830:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!yaml_check_utf8(anchor, strlen((char *)anchor))) goto error;
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:836:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:842:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen((char *)value);
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:880:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!yaml_check_utf8(anchor, strlen((char *)anchor))) goto error;
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:886:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:935:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!yaml_check_utf8(anchor, strlen((char *)anchor))) goto error;
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:941:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:1076:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)tag_directive->handle)))
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:1079:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)tag_directive->prefix)))
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:1213:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:1218:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen((char *)value);
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:1265:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/h2o-2.2.5+dfsg2/deps/yaml/src/api.c:1310:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c:620:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)tag_directive->handle)))
data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c:623:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)tag_directive->prefix), 1))
data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c:1357:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle_length = strlen((char *)tag_directive.handle);
data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c:1358:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_length = strlen((char *)tag_directive.prefix);
data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c:1406:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
anchor_length = strlen((char *)anchor);
data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c:1443:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tag_length = strlen((char *)tag);
data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c:1453:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t prefix_length = strlen((char *)tag_directive->prefix);
data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c:1460:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)tag_directive->handle);
data/h2o-2.2.5+dfsg2/deps/yaml/src/emitter.c:1793:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indicator_length = strlen(indicator);
data/h2o-2.2.5+dfsg2/deps/yaml/src/parser.c:606:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t prefix_len = strlen((char *)tag_directive->prefix);
data/h2o-2.2.5+dfsg2/deps/yaml/src/parser.c:607:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t suffix_len = strlen((char *)tag_suffix);
data/h2o-2.2.5+dfsg2/deps/yaml/src/scanner.c:2446:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (handle[0] == '!' && handle[1] != '\0' && handle[strlen((char *)handle)-1] == '!')
data/h2o-2.2.5+dfsg2/deps/yaml/src/scanner.c:2580:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t length = head ? strlen((char *)head) : 0;
data/h2o-2.2.5+dfsg2/deps/yoml/test-yoml.c:34:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yaml_parser_set_input_string(&parser, (yaml_char_t*)s, strlen(s));
data/h2o-2.2.5+dfsg2/deps/yoml/yoml-parser.h:160:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parse_args->mem_set(event.data.scalar.value, 'A', strlen(node->data.scalar));
data/h2o-2.2.5+dfsg2/deps/yoml/yoml.h:81:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mem_set(node->data.scalar, 0, strlen(node->data.scalar));
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:102:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, buf, sizeof(buf));
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:125:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ret = read(fd, buf + done, len)) == -1 && errno == EINTR)
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:172:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:183:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(cfs, rbuf, sizeof(rbuf));
data/h2o-2.2.5+dfsg2/fuzz/driver.cc:352:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_url_parse(unix_listener, strlen(unix_listener), &upstream);
data/h2o-2.2.5+dfsg2/include/h2o/socket.h:116:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
h2o_socket_cb read;
data/h2o-2.2.5+dfsg2/include/h2o/socket.h:349:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return sock->_cb.read != NULL;
data/h2o-2.2.5+dfsg2/include/h2o/socket.h:367:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return s != NULL ? h2o_iovec_init(s, strlen(s)) : h2o_iovec_init(NULL, 0);
data/h2o-2.2.5+dfsg2/include/h2o/socket.h:385:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return s != NULL ? h2o_iovec_init(s, strlen(s)) : h2o_iovec_init(NULL, 0);
data/h2o-2.2.5+dfsg2/lib/common/file.c:53:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((r = read(fd, ret.base + ret.len, (size_t)st.st_size - ret.len)) == -1 && errno == EINTR)
data/h2o-2.2.5+dfsg2/lib/common/filecache.c:97:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ref = h2o_mem_alloc(offsetof(h2o_filecache_ref_t, _path) + strlen(path) + 1);
data/h2o-2.2.5+dfsg2/lib/common/memcached.c:234:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2000000 + h2o_rand() % 3000000); /* sleep 2 to 5 seconds */
data/h2o-2.2.5+dfsg2/lib/common/memory.c:248:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmpfn = alloca(strlen(inbuf->_prototype->mmap_settings->fn_template) + 1);
data/h2o-2.2.5+dfsg2/lib/common/multithread.c:34:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
h2o_socket_t *read;
data/h2o-2.2.5+dfsg2/lib/common/multithread.c:103:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
h2o_socket_read_start(queue->async.read, on_read);
data/h2o-2.2.5+dfsg2/lib/common/multithread.c:132:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
h2o_socket_read_stop(queue->async.read);
data/h2o-2.2.5+dfsg2/lib/common/multithread.c:133:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
h2o_socket_close(queue->async.read);
data/h2o-2.2.5+dfsg2/lib/common/serverutil.c:100:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = start + strlen(start);
data/h2o-2.2.5+dfsg2/lib/common/serverutil.c:187:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rret = read(pipefds[0], &errnum, sizeof(errnum))) == -1 && errno == EINTR)
data/h2o-2.2.5+dfsg2/lib/common/serverutil.c:271:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((r = read(respfds[0], buf.base, buf.len)) == -1 && errno == EINTR)
data/h2o-2.2.5+dfsg2/lib/common/socket.c:190:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return write_bio(b, str, (int)strlen(str));
data/h2o-2.2.5+dfsg2/lib/common/socket.c:901:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:1210:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
session_cache_key.base = h2o_mem_alloc(strlen(server_name) + sizeof(":" H2O_UINT16_LONGEST_STR));
data/h2o-2.2.5+dfsg2/lib/common/socket.c:1341:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return proto != NULL ? h2o_iovec_init(proto, strlen(proto)) : h2o_iovec_init(NULL, 0);
data/h2o-2.2.5+dfsg2/lib/common/socket.c:1400:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*outlen = (unsigned)strlen(protocols);
data/h2o-2.2.5+dfsg2/lib/common/socket/evloop.c.h:124:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rret = read(fd, buf.base, buf.len <= INT_MAX / 2 ? buf.len : INT_MAX / 2 + 1)) == -1 && errno == EINTR)
data/h2o-2.2.5+dfsg2/lib/common/socket/evloop.c.h:235:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sock->super._cb.read(&sock->super, err);
data/h2o-2.2.5+dfsg2/lib/common/socket/uv-binding.c.h:59:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sock->super._cb.read(&sock->super, h2o_socket_error_closed);
data/h2o-2.2.5+dfsg2/lib/common/socket/uv-binding.c.h:65:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sock->super._cb.read(&sock->super, NULL);
data/h2o-2.2.5+dfsg2/lib/common/socket/uv-binding.c.h:82:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sock->super._cb.read(&sock->super, err);
data/h2o-2.2.5+dfsg2/lib/common/socketpool.c:117:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host_len = strlen(host);
data/h2o-2.2.5+dfsg2/lib/common/string.c:34:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/h2o-2.2.5+dfsg2/lib/common/string.c:52:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/h2o-2.2.5+dfsg2/lib/common/string.c:65:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret.len = len != SIZE_MAX ? len : strlen(src);
data/h2o-2.2.5+dfsg2/lib/common/url.c:246:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_len = strlen(url);
data/h2o-2.2.5+dfsg2/lib/common/url.c:266:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_len = strlen(url);
data/h2o-2.2.5+dfsg2/lib/core/config.c:92:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(name), i;
data/h2o-2.2.5+dfsg2/lib/core/config.c:121:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, name_len = strlen(name);
data/h2o-2.2.5+dfsg2/lib/core/configurator.c:242:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t xlen = strlen(x->key->data.scalar), ylen = strlen(y->key->data.scalar);
data/h2o-2.2.5+dfsg2/lib/core/configurator.c:242:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t xlen = strlen(x->key->data.scalar), ylen = strlen(y->key->data.scalar);
data/h2o-2.2.5+dfsg2/lib/core/configurator.c:360:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (h2o_url_parse_hostport(key->data.scalar, strlen(key->data.scalar), &hostname, &port) == NULL) {
data/h2o-2.2.5+dfsg2/lib/core/configurator.c:1061:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config_str_len = strlen(config_str);
data/h2o-2.2.5+dfsg2/lib/core/configurator.c:1096:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_fullpath = h2o_mem_alloc(strlen(root) + strlen(cmd) + 2);
data/h2o-2.2.5+dfsg2/lib/core/configurator.c:1096:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_fullpath = h2o_mem_alloc(strlen(root) + strlen(cmd) + 2);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:136:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fmt_len = strlen(fmt);
data/h2o-2.2.5+dfsg2/lib/core/logconf.c:744:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t module_len = strlen(log->module);
data/h2o-2.2.5+dfsg2/lib/core/request.c:528:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
req->res.content_length = strlen(body);
data/h2o-2.2.5+dfsg2/lib/core/request.c:586:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *prefix = alloca(sizeof("[] in request::") + 32 + strlen(module)), *p = prefix;
data/h2o-2.2.5+dfsg2/lib/core/util.c:313:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen;
data/h2o-2.2.5+dfsg2/lib/core/util.c:333:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst += strlen;
data/h2o-2.2.5+dfsg2/lib/core/util.c:342:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst += strlen;
data/h2o-2.2.5+dfsg2/lib/handler/configurator/expires.c:43:16: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(node->data.scalar, "%" SCNu64 " %31s", &value, unit) == 2) {
data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c:63:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
self->vars->document_root = h2o_iovec_init(node->data.scalar, strlen(node->data.scalar));
data/h2o-2.2.5+dfsg2/lib/handler/configurator/fastcgi.c:128:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(servname) >= sizeof(sa.sun_path)) {
data/h2o-2.2.5+dfsg2/lib/handler/configurator/file.c:48:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_mimemap_get_type_by_extension(*ctx->mimemap, h2o_get_filext(node->data.scalar, strlen(node->data.scalar)));
data/h2o-2.2.5+dfsg2/lib/handler/configurator/headers_util.c:42:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*value = h2o_str_stripws(colon + 1, strlen(colon + 1));
data/h2o-2.2.5+dfsg2/lib/handler/configurator/headers_util.c:86:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (extract_name(node->data.scalar, strlen(node->data.scalar), &name) != 0) {
data/h2o-2.2.5+dfsg2/lib/handler/configurator/headers_util.c:119:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t prefix_len = strlen(prefix);
data/h2o-2.2.5+dfsg2/lib/handler/fastcgi.c:845:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_socketpool_init_by_hostport(&handler->sockpool, h2o_iovec_init(host, strlen(host)), port, 0, SIZE_MAX /* FIXME */);
data/h2o-2.2.5+dfsg2/lib/handler/file.c:402:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((self = create_generator(req, path, strlen(path), &is_dir, flags)) == NULL)
data/h2o-2.2.5+dfsg2/lib/handler/file/_templates.c.h:82:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_iovec_t link_escaped = h2o_uri_escape(pool, files.entries[i], strlen(files.entries[i]), NULL);
data/h2o-2.2.5+dfsg2/lib/handler/file/_templates.c.h:84:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_iovec_t label_escaped = h2o_htmlescape(pool, files.entries[i], strlen(files.entries[i]));
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:117:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_iovec_t link_escaped = h2o_uri_escape(pool, files.entries[i], strlen(files.entries[i]), NULL);
data/h2o-2.2.5+dfsg2/lib/handler/file/templates.c.h:119:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_iovec_t label_escaped = h2o_htmlescape(pool, files.entries[i], strlen(files.entries[i]));
data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c:58:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret.len = strlen(s);
data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c:120:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_mimemap_type_t *type = h2o_mem_alloc_shared(NULL, sizeof(*type) + strlen(mime) + 1, NULL);
data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c:252:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((new_type = h2o_mimemap_get_type_by_mimetype(mimemap, h2o_iovec_init(mime, strlen(mime)), 1)) != NULL &&
data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c:294:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((new_type = h2o_mimemap_get_type_by_mimetype(mimemap, h2o_iovec_init(mime, strlen(mime)), 1)) != NULL &&
data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c:398:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *mime = alloca(strlen(_mime) + 1);
data/h2o-2.2.5+dfsg2/lib/handler/mimemap.c:404:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type_end_at = mime + strlen(mime);
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:62:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mrb_gv_set(mrb, mrb_intern_lit(mrb, "$H2O_ROOT"), mrb_str_new(mrb, root, strlen(root)));
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:142:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (h2o_str_at_position(errbuf + strlen(errbuf), config->source.base, config->source.len,
data/h2o-2.2.5+dfsg2/lib/handler/mruby.c:145:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errbuf[strlen(errbuf) - 2] = '\0';
data/h2o-2.2.5+dfsg2/lib/handler/mruby/http_request.c:175:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t errstr_len = strlen(errstr);
data/h2o-2.2.5+dfsg2/lib/handler/status.c:210:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn = h2o_concat(&req->pool, h2o_iovec_init(root, strlen(root)), h2o_iovec_init(H2O_STRLIT("/share/h2o/status/index.html")));
data/h2o-2.2.5+dfsg2/lib/http1.c:599:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(req->res.reason) + H2O_TIMESTR_RFC1123_LEN + server_name_and_connection_len +
data/h2o-2.2.5+dfsg2/lib/http1.c:697:102: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = flatten_headers_estimate_size(&conn->req, conn->super.ctx->globalconf->server_name.len + strlen(connection));
data/h2o-2.2.5+dfsg2/lib/http1.c:736:107: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&req->pool, flatten_headers_estimate_size(req, conn->super.ctx->globalconf->server_name.len + strlen(connection)));
data/h2o-2.2.5+dfsg2/lib/http2/connection.c:885:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err_desc != NULL ? (h2o_iovec_t){(char *)err_desc, strlen(err_desc)} : (h2o_iovec_t){NULL});
data/h2o-2.2.5+dfsg2/lib/websocket.c:155:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(accept_key));
data/h2o-2.2.5+dfsg2/src/main.c:255:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct listener_ssl_config_t *resolved = resolve_sni(listener, server_name, strlen(server_name));
data/h2o-2.2.5+dfsg2/src/main.c:1078:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(servname) >= sizeof(sa.sun_path)) {
data/h2o-2.2.5+dfsg2/src/main.c:1679:103: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_concat(NULL, h2o_iovec_init(H2O_STRLIT("--pid-file=")), h2o_iovec_init(conf.pid_file, strlen(conf.pid_file))).base;
data/h2o-2.2.5+dfsg2/src/main.c:1684:104: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_concat(NULL, h2o_iovec_init(H2O_STRLIT("--log-file=")), h2o_iovec_init(conf.error_log, strlen(conf.error_log)))
data/h2o-2.2.5+dfsg2/src/main.c:1708:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newarg = h2o_mem_alloc(sizeof("--port=[]:") + strlen(host) + strlen(serv));
data/h2o-2.2.5+dfsg2/src/main.c:1708:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newarg = h2o_mem_alloc(sizeof("--port=[]:") + strlen(host) + strlen(serv));
data/h2o-2.2.5+dfsg2/src/main.c:1717:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newarg = h2o_mem_alloc(sizeof("--path=") + strlen(sa->sun_path));
data/h2o-2.2.5+dfsg2/src/main.c:1876:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ret.base[ret.len], arg.outbuf.base, arg.written);
data/h2o-2.2.5+dfsg2/src/ssl.c:390:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(t->data.scalar) != sizeof(ticket->name) * 2) {
data/h2o-2.2.5+dfsg2/src/ssl.c:413:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(t->data.scalar) != keylen * 2) {
data/h2o-2.2.5+dfsg2/src/ssl.c:414:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(errstr, "length of the `key` attribute is incorrect (is %zu, must be %zu)\n", strlen(t->data.scalar),
data/h2o-2.2.5+dfsg2/t/00unit/issues/293.c:39:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmds[0] = (h2o_headers_command_t){H2O_HEADERS_CMD_ADD, &x_authority, {authority, strlen(authority)}};
data/h2o-2.2.5+dfsg2/t/00unit/issues/293.c:50:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conn->req.input.authority = h2o_iovec_init(host, strlen(host));
data/h2o-2.2.5+dfsg2/t/00unit/issues/293.c:60:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(expected)));
data/h2o-2.2.5+dfsg2/t/00unit/lib/common/string.c:214:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
decoded = h2o_decode_base64url(&pool, buf, strlen(buf));
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:33:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(in, "");
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:34:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = parse_proxy_line(in, strlen(in), (void *)&sa, &salen);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:38:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = parse_proxy_line(in, strlen(in), (void *)&sa, &salen);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:39:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(ret == strlen(in) - 3);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:46:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = parse_proxy_line(in, strlen(in), (void *)&sa, &salen);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:50:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = parse_proxy_line(in, strlen(in), (void *)&sa, &salen);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:54:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = parse_proxy_line(in, strlen(in), (void *)&sa, &salen);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:58:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = parse_proxy_line(in, strlen(in), (void *)&sa, &salen);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:59:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(ret == strlen(in) - 3);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:63:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = parse_proxy_line(in, strlen(in), (void *)&sa, &salen);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:64:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(ret == strlen(in));
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:413:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h2o_pathconf_t conf = {NULL, {tests[i].pathconf, strlen(tests[i].pathconf)}};
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:415:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
req.path = req.input.path = h2o_iovec_init(tests[i].input + j, strlen(tests[i].input) - j);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:418:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dest = h2o_build_destination(&req, tests[i].dest, strlen(tests[i].dest), escape);
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:420:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(dest.len == strlen(tests[i].output));
data/h2o-2.2.5+dfsg2/t/00unit/lib/core/util.c:421:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(h2o_memis(dest.base, dest.len, tests[i].output, strlen(tests[i].output)));
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:33:113: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return h2o_lcstris(res->headers.entries[index].value.base, res->headers.entries[index].value.len, expected, strlen(expected));
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:450:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(conn->body->size == strlen("requested range not satisfiable"));
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:463:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(conn->body->size == strlen("requested range not satisfiable"));
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:476:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(conn->body->size == strlen("requested range not satisfiable"));
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:489:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(conn->body->size == strlen("requested range not satisfiable"));
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:502:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(conn->body->size == strlen("requested range not satisfiable"));
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:515:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok(conn->body->size == strlen("requested range not satisfiable"));
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:537:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t mimebaselen = strlen("multipart/byteranges; boundary=");
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/file.c:567:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t mimebaselen = strlen("multipart/byteranges; boundary=");
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/mimemap.c:60:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return type->type == H2O_MIMEMAP_TYPE_MIMETYPE && type->data.mimetype.len == strlen(expected) &&
data/h2o-2.2.5+dfsg2/t/00unit/lib/handler/redirect.c:33:113: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return h2o_lcstris(res->headers.entries[index].value.base, res->headers.entries[index].value.len, expected, strlen(expected));
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/hpack.c:182:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/scheduler.c:73:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(output, ",");
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/scheduler.c:388:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output + strlen(output), "%u", (unsigned)h2o_http2_scheduler_get_weight(&n->ref));
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/scheduler.c:401:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(output, "(");
data/h2o-2.2.5+dfsg2/t/00unit/lib/http2/scheduler.c:408:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(output, ")");
ANALYSIS SUMMARY:
Hits = 1518
Lines analyzed = 214729 in approximately 9.02 seconds (23795 lines/second)
Physical Source Lines of Code (SLOC) = 166809
Hits@level = [0] 1046 [1] 402 [2] 866 [3] 96 [4] 147 [5] 7
Hits@level+ = [0+] 2564 [1+] 1518 [2+] 1116 [3+] 250 [4+] 154 [5+] 7
Hits/KSLOC@level+ = [0+] 15.3709 [1+] 9.10023 [2+] 6.69029 [3+] 1.49872 [4+] 0.923212 [5+] 0.0419642
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.