Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jabber-muc-0.8/include/jabberd.h
Examining data/jabber-muc-0.8/include/jcomp-compat.h
Examining data/jabber-muc-0.8/include/ns.h
Examining data/jabber-muc-0.8/include/hash.h
Examining data/jabber-muc-0.8/include/fields.h
Examining data/jabber-muc-0.8/include/lib.h
Examining data/jabber-muc-0.8/include/conference.h
Examining data/jabber-muc-0.8/include/jcomp.h
Examining data/jabber-muc-0.8/src/jcomp/jcr_log.c
Examining data/jabber-muc-0.8/src/jcomp/jcr_base_connect.c
Examining data/jabber-muc-0.8/src/jcomp/jcr_main_stream_error.c
Examining data/jabber-muc-0.8/src/jcomp/jcr_compatibility.c
Examining data/jabber-muc-0.8/src/jcomp/jcr_deliver.c
Examining data/jabber-muc-0.8/src/jcomp/jcr_shutdown.c
Examining data/jabber-muc-0.8/src/jcomp/jcr_elements.c
Examining data/jabber-muc-0.8/src/jcomp/jcr_xdb.c
Examining data/jabber-muc-0.8/src/jabberd/expat.c
Examining data/jabber-muc-0.8/src/jabberd/jpacket.c
Examining data/jabber-muc-0.8/src/jabberd/snprintf.c
Examining data/jabber-muc-0.8/src/jabberd/jid.c
Examining data/jabber-muc-0.8/src/jabberd/xmlnode.c
Examining data/jabber-muc-0.8/src/jabberd/jutil.c
Examining data/jabber-muc-0.8/src/jabberd/str.c
Examining data/jabber-muc-0.8/src/jabberd/pool.c
Examining data/jabber-muc-0.8/src/jabberd/sha.c
Examining data/jabber-muc-0.8/src/utils.c
Examining data/jabber-muc-0.8/src/xdata.c
Examining data/jabber-muc-0.8/src/conference_room.c
Examining data/jabber-muc-0.8/src/hash.c
Examining data/jabber-muc-0.8/src/main.c
Examining data/jabber-muc-0.8/src/roles.c
Examining data/jabber-muc-0.8/src/conference_user.c
Examining data/jabber-muc-0.8/src/mysql.c
Examining data/jabber-muc-0.8/src/conference.c
Examining data/jabber-muc-0.8/src/admin.c
Examining data/jabber-muc-0.8/src/iq.c
Examining data/jabber-muc-0.8/src/xdb.c
FINAL RESULTS:
data/jabber-muc-0.8/include/lib.h:63:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf ap_snprintf
data/jabber-muc-0.8/include/lib.h:68:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf ap_vsnprintf
data/jabber-muc-0.8/src/conference.c:113:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s%i%i",jid_node,(int)current_time,rand());
data/jabber-muc-0.8/src/conference.c:115:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ret,"%s",buffer);
data/jabber-muc-0.8/src/conference_room.c:487:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nick, "%s", user->realid->user);
data/jabber-muc-0.8/src/conference_room.c:489:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nick, "%s%d", user->realid->user,count++);
data/jabber-muc-0.8/src/jabberd/jid.c:195:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_out_buffer, preped->preped);
data/jabber-muc-0.8/src/jabberd/jid.c:338:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(biggerbuffer, id->server);
data/jabber-muc-0.8/src/jabberd/jid.c:374:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(biggerbuffer, id->user);
data/jabber-muc-0.8/src/jabberd/jid.c:414:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(biggerbuffer, id->resource);
data/jabber-muc-0.8/src/jabberd/jutil.c:313:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keydb[last],shahash(strint));
data/jabber-muc-0.8/src/jabberd/jutil.c:316:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seeddb[last],shahash(seed));
data/jabber-muc-0.8/src/jabberd/snprintf.c:429:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
*len = strlen(strcpy(buf, p));
data/jabber-muc-0.8/src/jcomp/jcr_deliver.c:121:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t.msg,err);
data/jabber-muc-0.8/src/jcomp/jcr_log.c:81:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(logmsg, 512, fmt, ap);
data/jabber-muc-0.8/src/jcomp/jcr_log.c:94:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(logmsg, 512, fmt, ap);
data/jabber-muc-0.8/src/jcomp/jcr_log.c:107:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(logmsg, 512, fmt, ap);
data/jabber-muc-0.8/src/jcomp/jcr_log.c:120:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(logmsg, 512, fmt, ap);
data/jabber-muc-0.8/src/jcomp/jcr_log.c:133:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(logmsg, 512, fmt, ap);
data/jabber-muc-0.8/src/jabberd/jutil.c:305:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/jabber-muc-0.8/src/main.c:57:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "Bshd:c:")) != EOF)
data/jabber-muc-0.8/include/conference.h:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[64];
data/jabber-muc-0.8/include/conference.h:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[64];
data/jabber-muc-0.8/include/lib.h:124:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shahash_r(const char* str, char hashbuf[40]); /* USE ME */
data/jabber-muc-0.8/include/lib.h:311:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shaFinal(j_SHA_CTX *ctx, unsigned char hashout[20]);
data/jabber-muc-0.8/include/lib.h:312:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shaBlock(unsigned char *dataIn, int len, unsigned char hashout[20]);
data/jabber-muc-0.8/include/lib.h:312:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shaBlock(unsigned char *dataIn, int len, unsigned char hashout[20]);
data/jabber-muc-0.8/include/lib.h:402:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[64];
data/jabber-muc-0.8/include/lib.h:403:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[10];
data/jabber-muc-0.8/include/lib.h:404:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char condition[30];
data/jabber-muc-0.8/src/conference.c:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char users[10];
data/jabber-muc-0.8/src/conference.c:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maxu[10];
data/jabber-muc-0.8/src/conference.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char users[10];
data/jabber-muc-0.8/src/conference.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maxu[10];
data/jabber-muc-0.8/src/conference.c:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[150];
data/jabber-muc-0.8/src/conference.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jid_node[21];//not the full jid, just a part of the node
data/jabber-muc-0.8/src/conference.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nstr[10];
data/jabber-muc-0.8/src/conference.c:319:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nstr,"%d",start);
data/jabber-muc-0.8/src/conference_room.c:44:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp[j], "<br />", 6);
data/jabber-muc-0.8/src/conference_room.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[80];
data/jabber-muc-0.8/src/conference_room.c:155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datePart[5];
data/jabber-muc-0.8/src/conference_room.c:240:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
room->logfile = fopen(filename, "a");
data/jabber-muc-0.8/src/conference_room.c:254:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
room->logfile = fopen(filename, "a");
data/jabber-muc-0.8/src/conference_room.c:566:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/jabber-muc-0.8/src/conference_room.c:774:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nstr[10];
data/jabber-muc-0.8/src/conference_room.c:780:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nstr,"%d",start);
data/jabber-muc-0.8/src/conference_user.c:453:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/jabber-muc-0.8/src/conference_user.c:493:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%d",t);
data/jabber-muc-0.8/src/jabberd/expat.c:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/jabber-muc-0.8/src/jabberd/expat.c:123:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file,O_RDONLY);
data/jabber-muc-0.8/src/jabberd/expat.c:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/jabber-muc-0.8/src/jabberd/expat.c:157:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char err[1024];
data/jabber-muc-0.8/src/jabberd/expat.c:163:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file,O_RDONLY);
data/jabber-muc-0.8/src/jabberd/expat.c:191:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(ftmp, O_CREAT | O_WRONLY | O_TRUNC, 0600);
data/jabber-muc-0.8/src/jabberd/jutil.c:164:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = atoi(str);
data/jabber-muc-0.8/src/jabberd/jutil.c:201:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char timestamp[21];
data/jabber-muc-0.8/src/jabberd/jutil.c:225:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char timestamp[18];
data/jabber-muc-0.8/src/jabberd/jutil.c:247:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[4];
data/jabber-muc-0.8/src/jabberd/jutil.c:293:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char keydb[KEYBUF][41];
data/jabber-muc-0.8/src/jabberd/jutil.c:294:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char seeddb[KEYBUF][41];
data/jabber-muc-0.8/src/jabberd/jutil.c:296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str, strint[32];
data/jabber-muc-0.8/src/jabberd/jutil.c:312:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strint,"%d",rand());
data/jabber-muc-0.8/src/jabberd/pool.c:41:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, strlen(src));
data/jabber-muc-0.8/src/jabberd/sha.c:64:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shaFinal(j_SHA_CTX *ctx, unsigned char hashout[20]) {
data/jabber-muc-0.8/src/jabberd/sha.c:67:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char padlen[8];
data/jabber-muc-0.8/src/jabberd/sha.c:99:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shaBlock(unsigned char *dataIn, int len, unsigned char hashout[20]) {
data/jabber-muc-0.8/src/jabberd/sha.c:99:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shaBlock(unsigned char *dataIn, int len, unsigned char hashout[20]) {
data/jabber-muc-0.8/src/jabberd/sha.c:155:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char final[41];
data/jabber-muc-0.8/src/jabberd/sha.c:157:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hashval[20];
data/jabber-muc-0.8/src/jabberd/sha.c:174:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shahash_r(const char* str, char hashbuf[41])
data/jabber-muc-0.8/src/jabberd/sha.c:178:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hashval[20];
data/jabber-muc-0.8/src/jabberd/snprintf.c:97:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[NDIG];
data/jabber-muc-0.8/src/jabberd/snprintf.c:464:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[EXPONENT_LENGTH]; /* for exponent conversion */
data/jabber-muc-0.8/src/jabberd/snprintf.c:551:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_buf[NUM_BUF_SIZE];
data/jabber-muc-0.8/src/jabberd/snprintf.c:552:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_buf[2]; /* for printing %% and %<unknown> */
data/jabber-muc-0.8/src/jabberd/str.c:104:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(a);
data/jabber-muc-0.8/src/jabberd/str.c:258:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp[j],"&",5);
data/jabber-muc-0.8/src/jabberd/str.c:262:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp[j],"'",6);
data/jabber-muc-0.8/src/jabberd/str.c:266:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp[j],""",6);
data/jabber-muc-0.8/src/jabberd/str.c:270:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp[j],"<",4);
data/jabber-muc-0.8/src/jabberd/str.c:274:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp[j],">",4);
data/jabber-muc-0.8/src/jabberd/str.c:287:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[64];
data/jabber-muc-0.8/src/jabberd/xmlnode.c:139:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scur,cur->data,cur->data_sz);
data/jabber-muc-0.8/src/jabberd/xmlnode.c:322:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->data, CDATA, size);
data/jabber-muc-0.8/src/jcomp/jcr_base_connect.c:48:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&from.sin_addr, hp->h_addr, hp->h_length);
data/jabber-muc-0.8/src/jcomp/jcr_base_connect.c:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((caddr_t) &from.sin_addr, hp->h_addr, hp->h_length);
data/jabber-muc-0.8/src/jcomp/jcr_base_connect.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/jabber-muc-0.8/src/jcomp/jcr_compatibility.c:56:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[128];
data/jabber-muc-0.8/src/jcomp/jcr_deliver.c:122:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t.condition, "service-unavailable");
data/jabber-muc-0.8/src/jcomp/jcr_deliver.c:123:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t.type, "wait");
data/jabber-muc-0.8/src/jcomp/jcr_elements.c:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hashbuf[41];
data/jabber-muc-0.8/src/jcomp/jcr_log.c:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_str[512];
data/jabber-muc-0.8/src/jcomp/jcr_log.c:51:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
jcr->log_stream = fopen(log_str, "a+");
data/jabber-muc-0.8/src/jcomp/jcr_log.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logmsg[512] = "";
data/jabber-muc-0.8/src/jcomp/jcr_log.c:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logmsg[512] = "";
data/jabber-muc-0.8/src/jcomp/jcr_log.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logmsg[512] = "";
data/jabber-muc-0.8/src/jcomp/jcr_log.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logmsg[512] = "";
data/jabber-muc-0.8/src/jcomp/jcr_log.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logmsg[512] = "";
data/jabber-muc-0.8/src/jcomp/jcr_xdb.c:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/jabber-muc-0.8/src/jcomp/jcr_xdb.c:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/jabber-muc-0.8/src/main.c:157:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/null",O_RDWR);
data/jabber-muc-0.8/src/main.c:173:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pid_stream = fopen(config_file, "w");
data/jabber-muc-0.8/src/mysql.c:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char escaped[BUFFER_SIZE] = "";
data/jabber-muc-0.8/src/mysql.c:155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char users[10]="";
data/jabber-muc-0.8/src/mysql.c:156:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(users,"%d",room->count);
data/jabber-muc-0.8/src/mysql.c:163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10]="";
data/jabber-muc-0.8/src/mysql.c:214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10]="";
data/jabber-muc-0.8/src/mysql.c:255:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char eroom[1025] = "";
data/jabber-muc-0.8/src/mysql.c:294:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char euser[1025] = "";
data/jabber-muc-0.8/src/mysql.c:295:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char eroom[1025] = "";
data/jabber-muc-0.8/src/mysql.c:357:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char euser[1025] = "";
data/jabber-muc-0.8/src/mysql.c:358:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char eroom[1025] = "";
data/jabber-muc-0.8/src/roles.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/roles.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/roles.c:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/roles.c:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/utils.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var[100];
data/jabber-muc-0.8/src/utils.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/utils.c:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/utils.c:163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cjid[2048];
data/jabber-muc-0.8/src/utils.c:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/utils.c:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/utils.c:318:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/utils.c:458:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char body[256];
data/jabber-muc-0.8/src/utils.c:459:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[128];
data/jabber-muc-0.8/src/utils.c:485:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(reason, "None given");
data/jabber-muc-0.8/src/utils.c:591:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "%d", number);
data/jabber-muc-0.8/src/utils.c:598:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[128];
data/jabber-muc-0.8/src/utils.c:611:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[50];
data/jabber-muc-0.8/src/utils.c:630:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[50];
data/jabber-muc-0.8/src/utils.c:647:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[50];
data/jabber-muc-0.8/src/utils.c:699:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/utils.c:747:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/utils.c:795:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ujid[2048];
data/jabber-muc-0.8/src/utils.c:814:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in[2];
data/jabber-muc-0.8/src/xdata.c:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[4];
data/jabber-muc-0.8/src/xdata.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namespace[100];
data/jabber-muc-0.8/src/xdata.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var[100];
data/jabber-muc-0.8/src/xdata.c:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_secret[100];
data/jabber-muc-0.8/src/xdata.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_protected[100];
data/jabber-muc-0.8/src/xdata.c:345:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[4];
data/jabber-muc-0.8/src/xdb.c:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[10];
data/jabber-muc-0.8/src/conference.c:108:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(jid_node,jid->user,21);
data/jabber-muc-0.8/src/conference.c:114:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret=malloc((strlen(buffer)+1)*sizeof(char));
data/jabber-muc-0.8/src/conference.c:347:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmlnode_insert_cdata(jp->iq,str,strlen(str));
data/jabber-muc-0.8/src/conference_room.c:30:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oldlen = newlen=strlen(result);
data/jabber-muc-0.8/src/iq.c:60:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str[strlen(str) - 1] = '\0'; /* cut off newline */
data/jabber-muc-0.8/src/jabberd/expat.c:135:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, BUFSIZ);
data/jabber-muc-0.8/src/jabberd/expat.c:170:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, BUFSIZ);
data/jabber-muc-0.8/src/jabberd/expat.c:196:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = write(fd,doc,strlen(doc));
data/jabber-muc-0.8/src/jabberd/jid.c:233:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
preped->size = strlen(in_out_buffer)+1;
data/jabber-muc-0.8/src/jabberd/jid.c:331:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = _jid_cached_stringprep(id->server, strlen(id->server)+1, _jid_prep_cache_domain);
data/jabber-muc-0.8/src/jabberd/jid.c:367:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = _jid_cached_stringprep(id->user, strlen(id->user)+1, _jid_prep_cache_node);
data/jabber-muc-0.8/src/jabberd/jid.c:407:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = _jid_cached_stringprep(id->resource, strlen(id->resource)+1, _jid_prep_cache_resource);
data/jabber-muc-0.8/src/jabberd/jid.c:415:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = _jid_cached_stringprep(id->resource, strlen(id->resource)+1, _jid_prep_cache_resource);
data/jabber-muc-0.8/src/jabberd/jid.c:450:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(id->server) > 1023)
data/jabber-muc-0.8/src/jabberd/jid.c:544:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resource = str + strlen(str); /* point to end */
data/jabber-muc-0.8/src/jabberd/jutil.c:77:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmlnode_insert_cdata(xmlnode_insert_tag(pres,"status"),status,strlen(status));
data/jabber-muc-0.8/src/jabberd/jutil.c:119:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmlnode_insert_cdata (xmlnode_insert_tag (msg, "subject"), subj, strlen (subj));
data/jabber-muc-0.8/src/jabberd/jutil.c:124:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmlnode_insert_cdata (xmlnode_insert_tag (msg, "body"), body, strlen (body));
data/jabber-muc-0.8/src/jabberd/jutil.c:262:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmlnode_insert_cdata(text,E.msg,strlen(E.msg));
data/jabber-muc-0.8/src/jabberd/jutil.c:278:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmlnode_insert_cdata(delay,reason,strlen(reason));
data/jabber-muc-0.8/src/jabberd/jutil.c:286:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmlnode_insert_cdata(delay,reason,strlen(reason));
data/jabber-muc-0.8/src/jabberd/pool.c:40:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dest = pmalloc(p, (strlen(src) + 1));
data/jabber-muc-0.8/src/jabberd/pool.c:41:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(dest, src, strlen(src));
data/jabber-muc-0.8/src/jabberd/sha.c:163:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shaBlock((unsigned char *)str, strlen(str), hashval);
data/jabber-muc-0.8/src/jabberd/sha.c:183:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shaBlock((unsigned char *)str, strlen(str), hashval);
data/jabber-muc-0.8/src/jabberd/snprintf.c:429:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(strcpy(buf, p));
data/jabber-muc-0.8/src/jabberd/snprintf.c:736:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_len = strlen(s);
data/jabber-muc-0.8/src/jabberd/snprintf.c:781:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_len = strlen(s);
data/jabber-muc-0.8/src/jabberd/str.c:96:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(a);
data/jabber-muc-0.8/src/jabberd/str.c:127:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/jabber-muc-0.8/src/jabberd/str.c:224:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oldlen = newlen = strlen(buf);
data/jabber-muc-0.8/src/jabberd/xmlnode.c:316:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(CDATA);
data/jabber-muc-0.8/src/jabberd/xmlnode.c:482:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attrib->data_sz = strlen(value);
data/jabber-muc-0.8/src/jcomp/jcr_base_connect.c:83:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = g_io_channel_write_chars(jcr->gio, buf, strlen(buf), &bytes, &error);
data/jabber-muc-0.8/src/jcomp/jcr_deliver.c:36:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log_debug(JDBG, "queued %d bytes : >>> %s <<<", strlen(xmlnode2str(d->x)), xmlnode2str(d->x));
data/jabber-muc-0.8/src/jcomp/jcr_elements.c:123:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!to || strncasecmp(jcr->jcr_i->id, to->server, strlen(jcr->jcr_i->id)) == 0) {
data/jabber-muc-0.8/src/jcomp/jcr_log.c:40:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(pos);
data/jabber-muc-0.8/src/mysql.c:119:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
ANALYSIS SUMMARY:
Hits = 180
Lines analyzed = 13147 in approximately 0.37 seconds (35896 lines/second)
Physical Source Lines of Code (SLOC) = 9171
Hits@level = [0] 103 [1] 38 [2] 121 [3] 2 [4] 19 [5] 0
Hits@level+ = [0+] 283 [1+] 180 [2+] 142 [3+] 21 [4+] 19 [5+] 0
Hits/KSLOC@level+ = [0+] 30.8581 [1+] 19.6271 [2+] 15.4836 [3+] 2.28983 [4+] 2.07175 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.