Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libnet-ldns-perl-0.75/include/LDNS.h Examining data/libnet-ldns-perl-0.75/ppport.h Examining data/libnet-ldns-perl-0.75/src/assist.c Examining data/libnet-ldns-perl-0.75/ldns/src/compat/b64_ntop.c Examining data/libnet-ldns-perl-0.75/ldns/src/compat/b64_pton.c Examining data/libnet-ldns-perl-0.75/ldns/src/compat/strlcpy.c Examining data/libnet-ldns-perl-0.75/ldns/src/buffer.c Examining data/libnet-ldns-perl-0.75/ldns/src/dane.c Examining data/libnet-ldns-perl-0.75/ldns/src/dname.c Examining data/libnet-ldns-perl-0.75/ldns/src/dnssec.c Examining data/libnet-ldns-perl-0.75/ldns/src/dnssec_sign.c Examining data/libnet-ldns-perl-0.75/ldns/src/dnssec_verify.c Examining data/libnet-ldns-perl-0.75/ldns/src/dnssec_zone.c Examining data/libnet-ldns-perl-0.75/ldns/src/duration.c Examining data/libnet-ldns-perl-0.75/ldns/src/error.c Examining data/libnet-ldns-perl-0.75/ldns/src/higher.c Examining data/libnet-ldns-perl-0.75/ldns/src/host2str.c Examining data/libnet-ldns-perl-0.75/ldns/src/host2wire.c Examining data/libnet-ldns-perl-0.75/ldns/src/keys.c Examining data/libnet-ldns-perl-0.75/ldns/src/net.c Examining data/libnet-ldns-perl-0.75/ldns/src/packet.c Examining data/libnet-ldns-perl-0.75/ldns/src/parse.c Examining data/libnet-ldns-perl-0.75/ldns/src/radix.c Examining data/libnet-ldns-perl-0.75/ldns/src/rbtree.c Examining data/libnet-ldns-perl-0.75/ldns/src/rdata.c Examining data/libnet-ldns-perl-0.75/ldns/src/resolver.c Examining data/libnet-ldns-perl-0.75/ldns/src/rr.c Examining data/libnet-ldns-perl-0.75/ldns/src/rr_functions.c Examining data/libnet-ldns-perl-0.75/ldns/src/sha1.c Examining data/libnet-ldns-perl-0.75/ldns/src/sha2.c Examining data/libnet-ldns-perl-0.75/ldns/src/str2host.c Examining data/libnet-ldns-perl-0.75/ldns/src/tsig.c Examining data/libnet-ldns-perl-0.75/ldns/src/update.c Examining data/libnet-ldns-perl-0.75/ldns/src/util.c Examining data/libnet-ldns-perl-0.75/ldns/src/wire2host.c Examining data/libnet-ldns-perl-0.75/ldns/src/zone.c Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/buffer.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/common.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dane.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dname.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dnssec.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dnssec_sign.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dnssec_verify.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dnssec_zone.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/duration.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/error.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/higher.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/host2str.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/host2wire.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/keys.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/ldns.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/net.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/packet.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/parse.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/radix.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/rbtree.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/rdata.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/resolver.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/rr.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/rr_functions.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/sha1.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/sha2.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/str2host.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/tsig.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/update.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/util.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/wire2host.h Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/zone.h FINAL RESULTS: data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h:563:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf (char *str, size_t count, const char *fmt, ...); data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h:564:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); data/libnet-ldns-perl-0.75/ldns/include/ldns/util.h:26:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define dprintf(X,Y) fprintf(stderr, (X), (Y)) data/libnet-ldns-perl-0.75/ldns/src/buffer.c:111:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. written = vsnprintf((char *) ldns_buffer_current(buffer), remaining, data/libnet-ldns-perl-0.75/ldns/src/buffer.c:123:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. written = vsnprintf((char *) ldns_buffer_current(buffer), data/libnet-ldns-perl-0.75/ppport.h:7371:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. retval = vsnprintf(buffer, len, format, ap); data/libnet-ldns-perl-0.75/ppport.h:7373:14: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. retval = vsprintf(buffer, format, ap); data/libnet-ldns-perl-0.75/ppport.h:7402:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buffer, pat, args); data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h:541:9: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom(x) srand(x) data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h:541:20: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom(x) srand(x) data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h:542:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random(x) rand(x) data/libnet-ldns-perl-0.75/ldns/src/keys.c:898:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. i = random(); data/libnet-ldns-perl-0.75/ldns/src/keys.c:903:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. i = random(); data/libnet-ldns-perl-0.75/ldns/src/util.c:383:3: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(seed_i); data/libnet-ldns-perl-0.75/ldns/src/util.c:405:34: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. rid = (uint16_t) random(); data/libnet-ldns-perl-0.75/ldns/src/util.c:408:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. rid = (uint16_t) random(); data/libnet-ldns-perl-0.75/ldns/include/ldns/buffer.h:363:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer->_data + at, data, count); data/libnet-ldns-perl-0.75/ldns/include/ldns/buffer.h:488:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, buffer->_data + at, count); data/libnet-ldns-perl-0.75/ldns/include/ldns/sha1.h:14:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]; data/libnet-ldns-perl-0.75/ldns/include/ldns/sha1.h:18:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]); data/libnet-ldns-perl-0.75/ldns/include/ldns/sha1.h:20:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context); data/libnet-ldns-perl-0.75/ldns/src/buffer.c:53:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer->_data, data, size); data/libnet-ldns-perl-0.75/ldns/src/dane.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LDNS_MAX_DOMAINLEN]; data/libnet-ldns-perl-0.75/ldns/src/dane.c:65:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name)); data/libnet-ldns-perl-0.75/ldns/src/dname.c:80:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, ldns_rdf_data(rd1), left_size); data/libnet-ldns-perl-0.75/ldns/src/dname.c:81:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + left_size, ldns_rdf_data(rd2), ldns_rdf_size(rd2)); data/libnet-ldns-perl-0.75/ldns/src/dname.c:116:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ldns_rdf_data(rd1) + left_size, ldns_rdf_data(rd2), data/libnet-ldns-perl-0.75/ldns/src/dname.c:153:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[rd_size - src_pos - len - 1], data/libnet-ldns-perl-0.75/ldns/src/dname.c:581:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, ldns_rdf_data(rdf) + src_pos, len + 1); data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:989:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[LDNS_SHA1_DIGEST_LENGTH]; data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1013:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann)); data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1014:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length); data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1027:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH); data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1028:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hashed_owner_str + LDNS_SHA1_DIGEST_LENGTH, salt, salt_length); data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1108:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(salt_data + 1, salt, salt_length); data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1305:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length); data/libnet-ldns-perl-0.75/ldns/src/dnssec_verify.c:1819:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char encoded[37+64]; data/libnet-ldns-perl-0.75/ldns/src/dnssec_verify.c:1861:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */ data/libnet-ldns-perl-0.75/ldns/src/duration.c:140:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). duration->years = (time_t) atoi(str+1); data/libnet-ldns-perl-0.75/ldns/src/duration.c:146:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). duration->months = (time_t) atoi(str+1); data/libnet-ldns-perl-0.75/ldns/src/duration.c:152:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). duration->days = (time_t) atoi(str+1); data/libnet-ldns-perl-0.75/ldns/src/duration.c:162:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). duration->hours = (time_t) atoi(str+1); data/libnet-ldns-perl-0.75/ldns/src/duration.c:168:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). duration->minutes = (time_t) atoi(str+1); data/libnet-ldns-perl-0.75/ldns/src/duration.c:174:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). duration->seconds = (time_t) atoi(str+1); data/libnet-ldns-perl-0.75/ldns/src/duration.c:185:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). duration->weeks = (time_t) atoi(str+1); data/libnet-ldns-perl-0.75/ldns/src/higher.c:250:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(LDNS_RESOLV_HOSTS, "r"); data/libnet-ldns-perl-0.75/ldns/src/higher.c:253:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/libnet-ldns-perl-0.75/ldns/src/host2str.c:400:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_buf[16]; data/libnet-ldns-perl-0.75/ldns/src/host2str.c:413:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[INET_ADDRSTRLEN]; data/libnet-ldns-perl-0.75/ldns/src/host2str.c:424:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[INET6_ADDRSTRLEN]; data/libnet-ldns-perl-0.75/ldns/src/host2str.c:1088:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN); data/libnet-ldns-perl-0.75/ldns/src/host2str.c:1104:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN); data/libnet-ldns-perl-0.75/ldns/src/host2str.c:1134:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(public_key_data, &data[offset], public_key_size); data/libnet-ldns-perl-0.75/ldns/src/keys.c:182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char token[16384]; data/libnet-ldns-perl-0.75/ldns/src/keys.c:241:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char token[16384]; data/libnet-ldns-perl-0.75/ldns/src/keys.c:764:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d[LDNS_MAX_LINELEN]; data/libnet-ldns-perl-0.75/ldns/src/keys.c:899:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hmac[offset], &i, sizeof(i)); data/libnet-ldns-perl-0.75/ldns/src/keys.c:904:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hmac[offset], &i, size - offset); data/libnet-ldns-perl-0.75/ldns/src/keys.c:1555:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bin, ldns_key_hmac_key(k), size); data/libnet-ldns-perl-0.75/ldns/src/keys.c:1618:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/libnet-ldns-perl-0.75/ldns/src/net.c:82:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(data_in->sin_addr), ldns_rdf_data(rd), ldns_rdf_size(rd)); data/libnet-ldns-perl-0.75/ldns/src/net.c:91:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data_in6->sin6_addr, ldns_rdf_data(rd), ldns_rdf_size(rd)); data/libnet-ldns-perl-0.75/ldns/src/net.c:658:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sendbuf + 2, ldns_buffer_begin(qbin), ldns_buffer_position(qbin)); data/libnet-ldns-perl-0.75/ldns/src/radix.c:932:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&a[0], &node->array[0], node->len*sizeof(ldns_radix_array_t)); data/libnet-ldns-perl-0.75/ldns/src/radix.c:1034:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dup_str, str_to_add, strlen_to_add); data/libnet-ldns-perl-0.75/ldns/src/radix.c:1141:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(common_str, str_to_add, common_len); data/libnet-ldns-perl-0.75/ldns/src/radix.c:1400:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(join_str, parent->array[parent_index].str, data/libnet-ldns-perl-0.75/ldns/src/radix.c:1566:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, node->array, sizeof(ldns_radix_array_t)*node->len); data/libnet-ldns-perl-0.75/ldns/src/rdata.c:170:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rdf_data + 2, data, size); data/libnet-ldns-perl-0.75/ldns/src/rdata.c:216:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rdf->_data, data, size); data/libnet-ldns-perl-0.75/ldns/src/rdata.c:578:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 4, hit, hit_size); data/libnet-ldns-perl-0.75/ldns/src/rdata.c:579:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 4 + hit_size, pk, pk_size); data/libnet-ldns-perl-0.75/ldns/src/resolver.c:675:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(dst, src, sizeof(ldns_resolver)); data/libnet-ldns-perl-0.75/ldns/src/resolver.c:706:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(dst->_rtt, src->_rtt, data/libnet-ldns-perl-0.75/ldns/src/resolver.c:770:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keyword[LDNS_RESOLV_KEYWORDS]; data/libnet-ldns-perl-0.75/ldns/src/resolver.c:771:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word[LDNS_MAX_LINELEN + 1]; data/libnet-ldns-perl-0.75/ldns/src/resolver.c:785:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). myfp = fopen("/etc/resolv.conf", "r"); data/libnet-ldns-perl-0.75/ldns/src/resolver.c:1010:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(LDNS_RESOLV_CONF, "r"); data/libnet-ldns-perl-0.75/ldns/src/resolver.c:1013:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/libnet-ldns-perl-0.75/ldns/src/resolver.c:1181:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_rtt, old_rtt, sizeof(size_t) data/libnet-ldns-perl-0.75/ldns/src/rr.c:419:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hex_data_size = (uint16_t) atoi(rd); data/libnet-ldns-perl-0.75/ldns/src/rr.c:2619:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(name + 4); data/libnet-ldns-perl-0.75/ldns/src/rr.c:2657:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(name + 5); data/libnet-ldns-perl-0.75/ldns/src/rr_functions.c:362:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s_str[11]; data/libnet-ldns-perl-0.75/ldns/src/rr_functions.c:367:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new_s = (int32_t) atoi(s_str); data/libnet-ldns-perl-0.75/ldns/src/sha1.c:47:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]) data/libnet-ldns-perl-0.75/ldns/src/sha1.c:51:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[64]; data/libnet-ldns-perl-0.75/ldns/src/sha1.c:56:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char workspace[LDNS_SHA1_BLOCK_LENGTH]; data/libnet-ldns-perl-0.75/ldns/src/sha1.c:144:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context) data/libnet-ldns-perl-0.75/ldns/src/sha1.c:147:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char finalcount[8]; data/libnet-ldns-perl-0.75/ldns/src/sha2.c:173:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) data/libnet-ldns-perl-0.75/ldns/src/sha2.c:177:29: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l)) data/libnet-ldns-perl-0.75/ldns/src/str2host.c:100:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, &l, sizeof(uint32_t)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:112:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, &l, sizeof(uint32_t)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:169:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data[1], salt, salt_length); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:219:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, &l, sizeof(uint32_t)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:503:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). family = (uint16_t) atoi(my_str); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:555:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). prefix = (uint8_t) atoi(my_str); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:571:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 4, afdpart, afdlength); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1117:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). serv_port = atoi(token); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1159:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data[0] = (uint8_t) atoi(proto_str); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1161:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 1, bitmap, (size_t) bm_len); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1254:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). precedence = (uint8_t)atoi(token); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1257:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gateway_type = (uint8_t)atoi(token); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1260:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). algorithm = (uint8_t)atoi(token); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1349:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 3, data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1351:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 3 + ldns_rdf_size(gateway_rdf), data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1354:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 3, data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1463:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 1, str, strlen(str)); data/libnet-ldns-perl-0.75/ldns/src/tsig.c:124:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wire2, wire, *result_len); data/libnet-ldns-perl-0.75/ldns/src/util.c:349:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((rand_f = fopen("/dev/urandom", "r")) == NULL) { data/libnet-ldns-perl-0.75/ldns/src/util.c:351:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((rand_f = fopen("/dev/random", "r")) == NULL) { data/libnet-ldns-perl-0.75/ldns/src/wire2host.c:122:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_dname[dname_pos], &wire[*pos], label_size); data/libnet-ldns-perl-0.75/ldns/src/wire2host.c:292:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &wire[*pos], cur_rdf_length); data/libnet-ldns-perl-0.75/ppport.h:4101:42: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define CopyD(s,d,n,t) memcpy((char*)(d),(char*)(s), (n) * sizeof(t)) data/libnet-ldns-perl-0.75/ppport.h:7226:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. && (xdigit = strchr((char *) PL_hexdigit, s[1]))) data/libnet-ldns-perl-0.75/ppport.h:7448:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst + used, src, copy); data/libnet-ldns-perl-0.75/ppport.h:7477:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, copy); data/libnet-ldns-perl-0.75/ppport.h:7569:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char octbuf[32] = "%123456789ABCDF"; data/libnet-ldns-perl-0.75/ppport.h:7639:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2]; data/libnet-ldns-perl-0.75/src/assist.c:205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rrclass[30]; data/libnet-ldns-perl-0.75/ldns/include/ldns/buffer.h:388:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_buffer_write_at(buffer, at, str, strlen(str)); data/libnet-ldns-perl-0.75/ldns/include/ldns/buffer.h:399:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_buffer_write(buffer, str, strlen(str)); data/libnet-ldns-perl-0.75/ldns/src/compat/b64_pton.c:130:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(origsrc) == 0) { data/libnet-ldns-perl-0.75/ldns/src/dname.c:520:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!dname_str || strlen(dname_str) < 2) data/libnet-ldns-perl-0.75/ldns/src/dname.c:522:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(dname_str[strlen(dname_str) - 1] != '.') data/libnet-ldns-perl-0.75/ldns/src/dname.c:524:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(dname_str[strlen(dname_str) - 2] != '\\') data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1609:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1611:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1629:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1631:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] data/libnet-ldns-perl-0.75/ldns/src/dnssec_verify.c:1046:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal; data/libnet-ldns-perl-0.75/ldns/src/dnssec_verify.c:1055:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal) { data/libnet-ldns-perl-0.75/ldns/src/duration.c:262:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. str = strncat(str, num, count+2); data/libnet-ldns-perl-0.75/ldns/src/duration.c:269:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. str = strncat(str, num, count+2); data/libnet-ldns-perl-0.75/ldns/src/duration.c:276:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. str = strncat(str, num, count+2); data/libnet-ldns-perl-0.75/ldns/src/duration.c:283:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. str = strncat(str, num, count+2); data/libnet-ldns-perl-0.75/ldns/src/duration.c:287:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. str = strncat(str, "T", 1); data/libnet-ldns-perl-0.75/ldns/src/duration.c:293:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. str = strncat(str, num, count+2); data/libnet-ldns-perl-0.75/ldns/src/duration.c:300:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. str = strncat(str, num, count+2); data/libnet-ldns-perl-0.75/ldns/src/duration.c:307:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. str = strncat(str, num, count+2); data/libnet-ldns-perl-0.75/ldns/src/keys.c:195:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while(strlen(token) < 96) { data/libnet-ldns-perl-0.75/ldns/src/keys.c:197:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(ldns_fget_token_l(fp, token+strlen(token), "\n", data/libnet-ldns-perl-0.75/ldns/src/keys.c:198:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(token)-strlen(token), line_nr) == -1) data/libnet-ldns-perl-0.75/ldns/src/keys.c:575:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:586:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:596:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:606:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:616:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:626:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:636:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:646:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:691:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:702:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:712:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:722:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:732:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); data/libnet-ldns-perl-0.75/ldns/src/keys.c:770:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufsz = ldns_b64_ntop_calculate_size(strlen(d)); data/libnet-ldns-perl-0.75/ldns/src/keys.c:1627:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(fp)) && i+1 < LDNS_MAX_PACKETLEN && c != EOF) { data/libnet-ldns-perl-0.75/ldns/src/parse.c:58:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(f)) != EOF) { data/libnet-ldns-perl-0.75/ldns/src/parse.c:191:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN) data/libnet-ldns-perl-0.75/ldns/src/parse.c:384:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(fp)) != EOF) { data/libnet-ldns-perl-0.75/ldns/src/parse.c:410:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN) data/libnet-ldns-perl-0.75/ldns/src/parse.c:423:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(fkeyword, keyword, strlen(keyword)) == 0) { data/libnet-ldns-perl-0.75/ldns/src/resolver.c:825:45: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(myfp); data/libnet-ldns-perl-0.75/ldns/src/rr.c:177:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_buffer_new_frm_data(rr_buf, (char*)str, strlen(str)); data/libnet-ldns-perl-0.75/ldns/src/rr.c:193:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ttl) > 0 && !isdigit((int) ttl[0])) { data/libnet-ldns-perl-0.75/ldns/src/rr.c:211:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). type = LDNS_XMALLOC(char, strlen(ttl) + 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:215:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(type, ttl, strlen(ttl) + 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:215:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(type, ttl, strlen(ttl) + 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:230:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). type = LDNS_XMALLOC(char, strlen(clas) + 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:234:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(type, clas, strlen(clas) + 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:234:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(type, clas, strlen(clas) + 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:257:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_buffer_new_frm_data(rd_buf, rdata, strlen(rdata)); data/libnet-ldns-perl-0.75/ldns/src/rr.c:259:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(owner) <= 1 && strncmp(owner, "@", 1) == 0) { data/libnet-ldns-perl-0.75/ldns/src/rr.c:278:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(owner) == 0) { data/libnet-ldns-perl-0.75/ldns/src/rr.c:397:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rd_strlen = strlen(rd); data/libnet-ldns-perl-0.75/ldns/src/rr.c:431:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rd_strlen = strlen(rd); data/libnet-ldns-perl-0.75/ldns/src/rr.c:440:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(hex_data_str + cur_hex_data_size, rd, data/libnet-ldns-perl-0.75/ldns/src/rr.c:493:14: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. (void) strncat(rd, xtok, data/libnet-ldns-perl-0.75/ldns/src/rr.c:495:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(rd) - 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:520:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. (void) strncat(rd, " ", data/libnet-ldns-perl-0.75/ldns/src/rr.c:522:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(rd) - 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:523:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. (void) strncat(rd, xtok, data/libnet-ldns-perl-0.75/ldns/src/rr.c:525:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(rd) - 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:533:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. (void) strncat(rd, " ", data/libnet-ldns-perl-0.75/ldns/src/rr.c:535:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(rd) - 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:536:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. (void) strncat(rd, xtok, data/libnet-ldns-perl-0.75/ldns/src/rr.c:538:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(rd) - 1); data/libnet-ldns-perl-0.75/ldns/src/rr.c:2618:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) > 4 && strncasecmp(name, "TYPE", 4) == 0) { data/libnet-ldns-perl-0.75/ldns/src/rr.c:2627:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name) == strlen(desc_name) && data/libnet-ldns-perl-0.75/ldns/src/rr.c:2627:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name) == strlen(desc_name) && data/libnet-ldns-perl-0.75/ldns/src/rr.c:2628:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncasecmp(name, desc_name, strlen(desc_name)) == 0) { data/libnet-ldns-perl-0.75/ldns/src/rr.c:2635:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) { data/libnet-ldns-perl-0.75/ldns/src/rr.c:2637:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) { data/libnet-ldns-perl-0.75/ldns/src/rr.c:2639:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) { data/libnet-ldns-perl-0.75/ldns/src/rr.c:2641:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) { data/libnet-ldns-perl-0.75/ldns/src/rr.c:2643:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) { data/libnet-ldns-perl-0.75/ldns/src/rr.c:2656:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) > 5 && strncasecmp(name, "CLASS", 5) == 0) { data/libnet-ldns-perl-0.75/ldns/src/sha2.c:98:32: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN data/libnet-ldns-perl-0.75/ldns/src/str2host.c:71:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(time) == 14 && data/libnet-ldns-perl-0.75/ldns/src/str2host.c:138:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). salt_length_str = (int)strlen(salt_str); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:320:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen((char*)str); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:434:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dp = data = LDNS_XMALLOC(uint8_t, strlen(str) > 255 ? 256 : (strlen(str) + 1)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:434:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dp = data = LDNS_XMALLOC(uint8_t, strlen(str) > 255 ? 256 : (strlen(str) + 1)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:489:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(my_str) < 2 data/libnet-ldns-perl-0.75/ldns/src/str2host.c:511:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(my_ip_str, my_str, ip_str_len + 1); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:587:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer = LDNS_XMALLOC(uint8_t, ldns_b64_ntop_calculate_size(strlen(str))); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:593:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_b64_ntop_calculate_size(strlen(str))); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:612:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint8_t len = ldns_b32_pton_calculate_size(strlen(str)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:619:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = ldns_b32_pton_extended_hex((const char*)str, strlen(str), buffer + 1, data/libnet-ldns-perl-0.75/ldns/src/str2host.c:620:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_b32_ntop_calculate_size(strlen(str))); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:640:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:700:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1039:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(my_str) > 0) { data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1044:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(my_str) > 0) { data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1049:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(my_str) > 0) { data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1089:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(str) == 0) data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1091:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else token = LDNS_XMALLOC(char, strlen(str)+2); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1096:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1103:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) { data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1192:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1209:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1238:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(str) == 0) data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1240:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else token = LDNS_XMALLOC(char, strlen(str)+2); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1245:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1251:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) { data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1381:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l != (int)strlen(str) || /* more data to read */ data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1405:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l != (int)strlen(str)) { data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1428:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l != (int)strlen(str)) { data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1450:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) > 255) { data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1458:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data = LDNS_XMALLOC(uint8_t, strlen(str) + 1); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1462:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data[0] = strlen(str); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1463:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(data + 1, str, strlen(str)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1465:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *rd = ldns_rdf_new(LDNS_RDF_TYPE_TAG, strlen(str) + 1, data); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1480:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dp = data = LDNS_XMALLOC(uint8_t, strlen(str)); data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1520:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : pk == NULL ? strlen(hit) : (size_t) (pk - hit) - 1; data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1521:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t pk_size = pk == NULL ? 0 : strlen(pk); data/libnet-ldns-perl-0.75/ldns/src/tsig.c:227:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_b64_pton_calculate_size(strlen(key_data))); data/libnet-ldns-perl-0.75/ldns/src/tsig.c:233:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldns_b64_pton_calculate_size(strlen(key_data))); data/libnet-ldns-perl-0.75/ldns/src/util.c:146:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) % 2 != 0) { data/libnet-ldns-perl-0.75/ldns/src/util.c:150:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(str) / 2; i++) { data/libnet-ldns-perl-0.75/ldns/src/util.c:354:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (read = 0; read < size; read++) { data/libnet-ldns-perl-0.75/ldns/src/util.c:356:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). seed[read] = (uint8_t) (tv.tv_usec % 256); data/libnet-ldns-perl-0.75/ldns/src/util.c:369:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < size) { data/libnet-ldns-perl-0.75/ppport.h:5622:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); data/libnet-ldns-perl-0.75/ppport.h:5630:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define sv_vcatpvf(sv, pat, args) sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)) data/libnet-ldns-perl-0.75/ppport.h:5634:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define sv_vsetpvf(sv, pat, args) sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)) data/libnet-ldns-perl-0.75/ppport.h:5654:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libnet-ldns-perl-0.75/ppport.h:5682:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libnet-ldns-perl-0.75/ppport.h:5703:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \ data/libnet-ldns-perl-0.75/ppport.h:5725:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libnet-ldns-perl-0.75/ppport.h:5753:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libnet-ldns-perl-0.75/ppport.h:5774:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \ data/libnet-ldns-perl-0.75/ppport.h:5828:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define HvNAMELEN_get(hv) (HvNAME_get(hv) ? (I32)strlen(HvNAME_get(hv)) : 0) data/libnet-ldns-perl-0.75/ppport.h:6820:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). STRLEN len = strlen(radix); data/libnet-ldns-perl-0.75/ppport.h:7404:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(buffer); data/libnet-ldns-perl-0.75/ppport.h:7444:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). used = strlen(dst); data/libnet-ldns-perl-0.75/ppport.h:7445:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(src); data/libnet-ldns-perl-0.75/ppport.h:7474:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(src); ANALYSIS SUMMARY: Hits = 260 Lines analyzed = 50556 in approximately 1.23 seconds (40945 lines/second) Physical Source Lines of Code (SLOC) = 30563 Hits@level = [0] 151 [1] 139 [2] 105 [3] 8 [4] 8 [5] 0 Hits@level+ = [0+] 411 [1+] 260 [2+] 121 [3+] 16 [4+] 8 [5+] 0 Hits/KSLOC@level+ = [0+] 13.4476 [1+] 8.50702 [2+] 3.95904 [3+] 0.523509 [4+] 0.261754 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.