Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnet-ldns-perl-0.75/include/LDNS.h
Examining data/libnet-ldns-perl-0.75/ppport.h
Examining data/libnet-ldns-perl-0.75/src/assist.c
Examining data/libnet-ldns-perl-0.75/ldns/src/compat/b64_ntop.c
Examining data/libnet-ldns-perl-0.75/ldns/src/compat/b64_pton.c
Examining data/libnet-ldns-perl-0.75/ldns/src/compat/strlcpy.c
Examining data/libnet-ldns-perl-0.75/ldns/src/buffer.c
Examining data/libnet-ldns-perl-0.75/ldns/src/dane.c
Examining data/libnet-ldns-perl-0.75/ldns/src/dname.c
Examining data/libnet-ldns-perl-0.75/ldns/src/dnssec.c
Examining data/libnet-ldns-perl-0.75/ldns/src/dnssec_sign.c
Examining data/libnet-ldns-perl-0.75/ldns/src/dnssec_verify.c
Examining data/libnet-ldns-perl-0.75/ldns/src/dnssec_zone.c
Examining data/libnet-ldns-perl-0.75/ldns/src/duration.c
Examining data/libnet-ldns-perl-0.75/ldns/src/error.c
Examining data/libnet-ldns-perl-0.75/ldns/src/higher.c
Examining data/libnet-ldns-perl-0.75/ldns/src/host2str.c
Examining data/libnet-ldns-perl-0.75/ldns/src/host2wire.c
Examining data/libnet-ldns-perl-0.75/ldns/src/keys.c
Examining data/libnet-ldns-perl-0.75/ldns/src/net.c
Examining data/libnet-ldns-perl-0.75/ldns/src/packet.c
Examining data/libnet-ldns-perl-0.75/ldns/src/parse.c
Examining data/libnet-ldns-perl-0.75/ldns/src/radix.c
Examining data/libnet-ldns-perl-0.75/ldns/src/rbtree.c
Examining data/libnet-ldns-perl-0.75/ldns/src/rdata.c
Examining data/libnet-ldns-perl-0.75/ldns/src/resolver.c
Examining data/libnet-ldns-perl-0.75/ldns/src/rr.c
Examining data/libnet-ldns-perl-0.75/ldns/src/rr_functions.c
Examining data/libnet-ldns-perl-0.75/ldns/src/sha1.c
Examining data/libnet-ldns-perl-0.75/ldns/src/sha2.c
Examining data/libnet-ldns-perl-0.75/ldns/src/str2host.c
Examining data/libnet-ldns-perl-0.75/ldns/src/tsig.c
Examining data/libnet-ldns-perl-0.75/ldns/src/update.c
Examining data/libnet-ldns-perl-0.75/ldns/src/util.c
Examining data/libnet-ldns-perl-0.75/ldns/src/wire2host.c
Examining data/libnet-ldns-perl-0.75/ldns/src/zone.c
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/buffer.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/common.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dane.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dname.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dnssec.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dnssec_sign.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dnssec_verify.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/dnssec_zone.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/duration.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/error.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/higher.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/host2str.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/host2wire.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/keys.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/ldns.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/net.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/packet.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/parse.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/radix.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/rbtree.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/rdata.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/resolver.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/rr.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/rr_functions.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/sha1.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/sha2.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/str2host.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/tsig.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/update.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/util.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/wire2host.h
Examining data/libnet-ldns-perl-0.75/ldns/include/ldns/zone.h
FINAL RESULTS:
data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h:563:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf (char *str, size_t count, const char *fmt, ...);
data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h:564:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf (char *str, size_t count, const char *fmt, va_list arg);
data/libnet-ldns-perl-0.75/ldns/include/ldns/util.h:26:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define dprintf(X,Y) fprintf(stderr, (X), (Y))
data/libnet-ldns-perl-0.75/ldns/src/buffer.c:111:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
written = vsnprintf((char *) ldns_buffer_current(buffer), remaining,
data/libnet-ldns-perl-0.75/ldns/src/buffer.c:123:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
written = vsnprintf((char *) ldns_buffer_current(buffer),
data/libnet-ldns-perl-0.75/ppport.h:7371:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
retval = vsnprintf(buffer, len, format, ap);
data/libnet-ldns-perl-0.75/ppport.h:7373:14: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
retval = vsprintf(buffer, format, ap);
data/libnet-ldns-perl-0.75/ppport.h:7402:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, pat, args);
data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h:541:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom(x) srand(x)
data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h:541:20: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom(x) srand(x)
data/libnet-ldns-perl-0.75/ldns/include/ldns/config.h:542:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random(x) rand(x)
data/libnet-ldns-perl-0.75/ldns/src/keys.c:898:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
i = random();
data/libnet-ldns-perl-0.75/ldns/src/keys.c:903:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
i = random();
data/libnet-ldns-perl-0.75/ldns/src/util.c:383:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed_i);
data/libnet-ldns-perl-0.75/ldns/src/util.c:405:34: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rid = (uint16_t) random();
data/libnet-ldns-perl-0.75/ldns/src/util.c:408:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rid = (uint16_t) random();
data/libnet-ldns-perl-0.75/ldns/include/ldns/buffer.h:363:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer->_data + at, data, count);
data/libnet-ldns-perl-0.75/ldns/include/ldns/buffer.h:488:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, buffer->_data + at, count);
data/libnet-ldns-perl-0.75/ldns/include/ldns/sha1.h:14:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH];
data/libnet-ldns-perl-0.75/ldns/include/ldns/sha1.h:18:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]);
data/libnet-ldns-perl-0.75/ldns/include/ldns/sha1.h:20:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context);
data/libnet-ldns-perl-0.75/ldns/src/buffer.c:53:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer->_data, data, size);
data/libnet-ldns-perl-0.75/ldns/src/dane.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LDNS_MAX_DOMAINLEN];
data/libnet-ldns-perl-0.75/ldns/src/dane.c:65:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name));
data/libnet-ldns-perl-0.75/ldns/src/dname.c:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ldns_rdf_data(rd1), left_size);
data/libnet-ldns-perl-0.75/ldns/src/dname.c:81:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + left_size, ldns_rdf_data(rd2), ldns_rdf_size(rd2));
data/libnet-ldns-perl-0.75/ldns/src/dname.c:116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ldns_rdf_data(rd1) + left_size, ldns_rdf_data(rd2),
data/libnet-ldns-perl-0.75/ldns/src/dname.c:153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[rd_size - src_pos - len - 1],
data/libnet-ldns-perl-0.75/ldns/src/dname.c:581:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, ldns_rdf_data(rdf) + src_pos, len + 1);
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:989:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[LDNS_SHA1_DIGEST_LENGTH];
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1013:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann));
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1014:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length);
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1027:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH);
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1028:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hashed_owner_str + LDNS_SHA1_DIGEST_LENGTH, salt, salt_length);
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1108:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(salt_data + 1, salt, salt_length);
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1305:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length);
data/libnet-ldns-perl-0.75/ldns/src/dnssec_verify.c:1819:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char encoded[37+64];
data/libnet-ldns-perl-0.75/ldns/src/dnssec_verify.c:1861:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
data/libnet-ldns-perl-0.75/ldns/src/duration.c:140:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
duration->years = (time_t) atoi(str+1);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:146:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
duration->months = (time_t) atoi(str+1);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:152:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
duration->days = (time_t) atoi(str+1);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:162:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
duration->hours = (time_t) atoi(str+1);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:168:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
duration->minutes = (time_t) atoi(str+1);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:174:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
duration->seconds = (time_t) atoi(str+1);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:185:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
duration->weeks = (time_t) atoi(str+1);
data/libnet-ldns-perl-0.75/ldns/src/higher.c:250:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(LDNS_RESOLV_HOSTS, "r");
data/libnet-ldns-perl-0.75/ldns/src/higher.c:253:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/libnet-ldns-perl-0.75/ldns/src/host2str.c:400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_buf[16];
data/libnet-ldns-perl-0.75/ldns/src/host2str.c:413:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[INET_ADDRSTRLEN];
data/libnet-ldns-perl-0.75/ldns/src/host2str.c:424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[INET6_ADDRSTRLEN];
data/libnet-ldns-perl-0.75/ldns/src/host2str.c:1088:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN);
data/libnet-ldns-perl-0.75/ldns/src/host2str.c:1104:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN);
data/libnet-ldns-perl-0.75/ldns/src/host2str.c:1134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(public_key_data, &data[offset], public_key_size);
data/libnet-ldns-perl-0.75/ldns/src/keys.c:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[16384];
data/libnet-ldns-perl-0.75/ldns/src/keys.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[16384];
data/libnet-ldns-perl-0.75/ldns/src/keys.c:764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[LDNS_MAX_LINELEN];
data/libnet-ldns-perl-0.75/ldns/src/keys.c:899:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hmac[offset], &i, sizeof(i));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:904:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hmac[offset], &i, size - offset);
data/libnet-ldns-perl-0.75/ldns/src/keys.c:1555:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin, ldns_key_hmac_key(k), size);
data/libnet-ldns-perl-0.75/ldns/src/keys.c:1618:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/libnet-ldns-perl-0.75/ldns/src/net.c:82:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(data_in->sin_addr), ldns_rdf_data(rd), ldns_rdf_size(rd));
data/libnet-ldns-perl-0.75/ldns/src/net.c:91:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data_in6->sin6_addr, ldns_rdf_data(rd), ldns_rdf_size(rd));
data/libnet-ldns-perl-0.75/ldns/src/net.c:658:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuf + 2, ldns_buffer_begin(qbin), ldns_buffer_position(qbin));
data/libnet-ldns-perl-0.75/ldns/src/radix.c:932:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a[0], &node->array[0], node->len*sizeof(ldns_radix_array_t));
data/libnet-ldns-perl-0.75/ldns/src/radix.c:1034:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dup_str, str_to_add, strlen_to_add);
data/libnet-ldns-perl-0.75/ldns/src/radix.c:1141:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(common_str, str_to_add, common_len);
data/libnet-ldns-perl-0.75/ldns/src/radix.c:1400:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(join_str, parent->array[parent_index].str,
data/libnet-ldns-perl-0.75/ldns/src/radix.c:1566:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, node->array, sizeof(ldns_radix_array_t)*node->len);
data/libnet-ldns-perl-0.75/ldns/src/rdata.c:170:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rdf_data + 2, data, size);
data/libnet-ldns-perl-0.75/ldns/src/rdata.c:216:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rdf->_data, data, size);
data/libnet-ldns-perl-0.75/ldns/src/rdata.c:578:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 4, hit, hit_size);
data/libnet-ldns-perl-0.75/ldns/src/rdata.c:579:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 4 + hit_size, pk, pk_size);
data/libnet-ldns-perl-0.75/ldns/src/resolver.c:675:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(dst, src, sizeof(ldns_resolver));
data/libnet-ldns-perl-0.75/ldns/src/resolver.c:706:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(dst->_rtt, src->_rtt,
data/libnet-ldns-perl-0.75/ldns/src/resolver.c:770:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *keyword[LDNS_RESOLV_KEYWORDS];
data/libnet-ldns-perl-0.75/ldns/src/resolver.c:771:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[LDNS_MAX_LINELEN + 1];
data/libnet-ldns-perl-0.75/ldns/src/resolver.c:785:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
myfp = fopen("/etc/resolv.conf", "r");
data/libnet-ldns-perl-0.75/ldns/src/resolver.c:1010:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(LDNS_RESOLV_CONF, "r");
data/libnet-ldns-perl-0.75/ldns/src/resolver.c:1013:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/libnet-ldns-perl-0.75/ldns/src/resolver.c:1181:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_rtt, old_rtt, sizeof(size_t)
data/libnet-ldns-perl-0.75/ldns/src/rr.c:419:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hex_data_size = (uint16_t) atoi(rd);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2619:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(name + 4);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2657:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(name + 5);
data/libnet-ldns-perl-0.75/ldns/src/rr_functions.c:362:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_str[11];
data/libnet-ldns-perl-0.75/ldns/src/rr_functions.c:367:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_s = (int32_t) atoi(s_str);
data/libnet-ldns-perl-0.75/ldns/src/sha1.c:47:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH])
data/libnet-ldns-perl-0.75/ldns/src/sha1.c:51:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[64];
data/libnet-ldns-perl-0.75/ldns/src/sha1.c:56:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char workspace[LDNS_SHA1_BLOCK_LENGTH];
data/libnet-ldns-perl-0.75/ldns/src/sha1.c:144:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context)
data/libnet-ldns-perl-0.75/ldns/src/sha1.c:147:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char finalcount[8];
data/libnet-ldns-perl-0.75/ldns/src/sha2.c:173:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
data/libnet-ldns-perl-0.75/ldns/src/sha2.c:177:29: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, &l, sizeof(uint32_t));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:112:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, &l, sizeof(uint32_t));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:169:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[1], salt, salt_length);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:219:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, &l, sizeof(uint32_t));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:503:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
family = (uint16_t) atoi(my_str);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:555:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prefix = (uint8_t) atoi(my_str);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:571:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 4, afdpart, afdlength);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1117:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
serv_port = atoi(token);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1159:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data[0] = (uint8_t) atoi(proto_str);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 1, bitmap, (size_t) bm_len);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1254:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
precedence = (uint8_t)atoi(token);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1257:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gateway_type = (uint8_t)atoi(token);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1260:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
algorithm = (uint8_t)atoi(token);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1349:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 3,
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1351:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 3 + ldns_rdf_size(gateway_rdf),
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1354:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 3,
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1463:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 1, str, strlen(str));
data/libnet-ldns-perl-0.75/ldns/src/tsig.c:124:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wire2, wire, *result_len);
data/libnet-ldns-perl-0.75/ldns/src/util.c:349:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rand_f = fopen("/dev/urandom", "r")) == NULL) {
data/libnet-ldns-perl-0.75/ldns/src/util.c:351:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rand_f = fopen("/dev/random", "r")) == NULL) {
data/libnet-ldns-perl-0.75/ldns/src/wire2host.c:122:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_dname[dname_pos], &wire[*pos], label_size);
data/libnet-ldns-perl-0.75/ldns/src/wire2host.c:292:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &wire[*pos], cur_rdf_length);
data/libnet-ldns-perl-0.75/ppport.h:4101:42: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define CopyD(s,d,n,t) memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
data/libnet-ldns-perl-0.75/ppport.h:7226:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
&& (xdigit = strchr((char *) PL_hexdigit, s[1])))
data/libnet-ldns-perl-0.75/ppport.h:7448:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + used, src, copy);
data/libnet-ldns-perl-0.75/ppport.h:7477:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, copy);
data/libnet-ldns-perl-0.75/ppport.h:7569:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char octbuf[32] = "%123456789ABCDF";
data/libnet-ldns-perl-0.75/ppport.h:7639:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/libnet-ldns-perl-0.75/src/assist.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rrclass[30];
data/libnet-ldns-perl-0.75/ldns/include/ldns/buffer.h:388:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_buffer_write_at(buffer, at, str, strlen(str));
data/libnet-ldns-perl-0.75/ldns/include/ldns/buffer.h:399:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_buffer_write(buffer, str, strlen(str));
data/libnet-ldns-perl-0.75/ldns/src/compat/b64_pton.c:130:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(origsrc) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/dname.c:520:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!dname_str || strlen(dname_str) < 2)
data/libnet-ldns-perl-0.75/ldns/src/dname.c:522:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(dname_str[strlen(dname_str) - 1] != '.')
data/libnet-ldns-perl-0.75/ldns/src/dname.c:524:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(dname_str[strlen(dname_str) - 2] != '\\')
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1609:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1611:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1629:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
data/libnet-ldns-perl-0.75/ldns/src/dnssec.c:1631:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
data/libnet-ldns-perl-0.75/ldns/src/dnssec_verify.c:1046:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal;
data/libnet-ldns-perl-0.75/ldns/src/dnssec_verify.c:1055:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/libnet-ldns-perl-0.75/ldns/src/duration.c:262:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
str = strncat(str, num, count+2);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:269:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
str = strncat(str, num, count+2);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:276:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
str = strncat(str, num, count+2);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:283:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
str = strncat(str, num, count+2);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:287:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
str = strncat(str, "T", 1);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:293:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
str = strncat(str, num, count+2);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:300:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
str = strncat(str, num, count+2);
data/libnet-ldns-perl-0.75/ldns/src/duration.c:307:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
str = strncat(str, num, count+2);
data/libnet-ldns-perl-0.75/ldns/src/keys.c:195:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(strlen(token) < 96) {
data/libnet-ldns-perl-0.75/ldns/src/keys.c:197:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(ldns_fget_token_l(fp, token+strlen(token), "\n",
data/libnet-ldns-perl-0.75/ldns/src/keys.c:198:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(token)-strlen(token), line_nr) == -1)
data/libnet-ldns-perl-0.75/ldns/src/keys.c:575:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:586:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:596:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:606:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:616:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:626:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:636:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:646:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:691:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:702:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:712:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:722:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:732:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:770:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = ldns_b64_ntop_calculate_size(strlen(d));
data/libnet-ldns-perl-0.75/ldns/src/keys.c:1627:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) && i+1 < LDNS_MAX_PACKETLEN && c != EOF) {
data/libnet-ldns-perl-0.75/ldns/src/parse.c:58:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(f)) != EOF) {
data/libnet-ldns-perl-0.75/ldns/src/parse.c:191:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN)
data/libnet-ldns-perl-0.75/ldns/src/parse.c:384:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) != EOF) {
data/libnet-ldns-perl-0.75/ldns/src/parse.c:410:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN)
data/libnet-ldns-perl-0.75/ldns/src/parse.c:423:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(fkeyword, keyword, strlen(keyword)) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/resolver.c:825:45: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(myfp);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:177:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_buffer_new_frm_data(rr_buf, (char*)str, strlen(str));
data/libnet-ldns-perl-0.75/ldns/src/rr.c:193:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ttl) > 0 && !isdigit((int) ttl[0])) {
data/libnet-ldns-perl-0.75/ldns/src/rr.c:211:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type = LDNS_XMALLOC(char, strlen(ttl) + 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:215:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(type, ttl, strlen(ttl) + 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:215:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(type, ttl, strlen(ttl) + 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:230:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type = LDNS_XMALLOC(char, strlen(clas) + 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:234:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(type, clas, strlen(clas) + 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:234:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(type, clas, strlen(clas) + 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:257:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_buffer_new_frm_data(rd_buf, rdata, strlen(rdata));
data/libnet-ldns-perl-0.75/ldns/src/rr.c:259:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(owner) <= 1 && strncmp(owner, "@", 1) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/rr.c:278:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(owner) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/rr.c:397:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rd_strlen = strlen(rd);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:431:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rd_strlen = strlen(rd);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:440:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hex_data_str + cur_hex_data_size, rd,
data/libnet-ldns-perl-0.75/ldns/src/rr.c:493:14: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void) strncat(rd, xtok,
data/libnet-ldns-perl-0.75/ldns/src/rr.c:495:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rd) - 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:520:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
(void) strncat(rd, " ",
data/libnet-ldns-perl-0.75/ldns/src/rr.c:522:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rd) - 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:523:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void) strncat(rd, xtok,
data/libnet-ldns-perl-0.75/ldns/src/rr.c:525:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rd) - 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:533:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
(void) strncat(rd, " ",
data/libnet-ldns-perl-0.75/ldns/src/rr.c:535:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rd) - 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:536:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void) strncat(rd, xtok,
data/libnet-ldns-perl-0.75/ldns/src/rr.c:538:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rd) - 1);
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2618:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > 4 && strncasecmp(name, "TYPE", 4) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2627:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(name) == strlen(desc_name) &&
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2627:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(name) == strlen(desc_name) &&
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2628:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncasecmp(name, desc_name, strlen(desc_name)) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2635:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2637:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2639:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2641:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2643:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/rr.c:2656:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > 5 && strncasecmp(name, "CLASS", 5) == 0) {
data/libnet-ldns-perl-0.75/ldns/src/sha2.c:98:32: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:71:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(time) == 14 &&
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:138:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
salt_length_str = (int)strlen(salt_str);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:320:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char*)str);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:434:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dp = data = LDNS_XMALLOC(uint8_t, strlen(str) > 255 ? 256 : (strlen(str) + 1));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:434:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dp = data = LDNS_XMALLOC(uint8_t, strlen(str) > 255 ? 256 : (strlen(str) + 1));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:489:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(my_str) < 2
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:511:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(my_ip_str, my_str, ip_str_len + 1);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:587:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer = LDNS_XMALLOC(uint8_t, ldns_b64_ntop_calculate_size(strlen(str)));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:593:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_b64_ntop_calculate_size(strlen(str)));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:612:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t len = ldns_b32_pton_calculate_size(strlen(str));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:619:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = ldns_b32_pton_extended_hex((const char*)str, strlen(str), buffer + 1,
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:620:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_b32_ntop_calculate_size(strlen(str)));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:640:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:700:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1039:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(my_str) > 0) {
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1044:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(my_str) > 0) {
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1049:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(my_str) > 0) {
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1089:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(str) == 0)
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1091:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else token = LDNS_XMALLOC(char, strlen(str)+2);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1096:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1103:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) {
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1192:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1209:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1238:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(str) == 0)
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1240:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else token = LDNS_XMALLOC(char, strlen(str)+2);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1245:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1251:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) {
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1381:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l != (int)strlen(str) || /* more data to read */
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1405:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l != (int)strlen(str)) {
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1428:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l != (int)strlen(str)) {
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1450:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 255) {
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1458:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = LDNS_XMALLOC(uint8_t, strlen(str) + 1);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1462:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data[0] = strlen(str);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1463:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(data + 1, str, strlen(str));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1465:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*rd = ldns_rdf_new(LDNS_RDF_TYPE_TAG, strlen(str) + 1, data);
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1480:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dp = data = LDNS_XMALLOC(uint8_t, strlen(str));
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1520:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: pk == NULL ? strlen(hit) : (size_t) (pk - hit) - 1;
data/libnet-ldns-perl-0.75/ldns/src/str2host.c:1521:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pk_size = pk == NULL ? 0 : strlen(pk);
data/libnet-ldns-perl-0.75/ldns/src/tsig.c:227:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_b64_pton_calculate_size(strlen(key_data)));
data/libnet-ldns-perl-0.75/ldns/src/tsig.c:233:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldns_b64_pton_calculate_size(strlen(key_data)));
data/libnet-ldns-perl-0.75/ldns/src/util.c:146:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) % 2 != 0) {
data/libnet-ldns-perl-0.75/ldns/src/util.c:150:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(str) / 2; i++) {
data/libnet-ldns-perl-0.75/ldns/src/util.c:354:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (read = 0; read < size; read++) {
data/libnet-ldns-perl-0.75/ldns/src/util.c:356:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
seed[read] = (uint8_t) (tv.tv_usec % 256);
data/libnet-ldns-perl-0.75/ldns/src/util.c:369:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < size) {
data/libnet-ldns-perl-0.75/ppport.h:5622:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*));
data/libnet-ldns-perl-0.75/ppport.h:5630:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define sv_vcatpvf(sv, pat, args) sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*))
data/libnet-ldns-perl-0.75/ppport.h:5634:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define sv_vsetpvf(sv, pat, args) sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*))
data/libnet-ldns-perl-0.75/ppport.h:5654:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libnet-ldns-perl-0.75/ppport.h:5682:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libnet-ldns-perl-0.75/ppport.h:5703:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \
data/libnet-ldns-perl-0.75/ppport.h:5725:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libnet-ldns-perl-0.75/ppport.h:5753:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libnet-ldns-perl-0.75/ppport.h:5774:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \
data/libnet-ldns-perl-0.75/ppport.h:5828:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define HvNAMELEN_get(hv) (HvNAME_get(hv) ? (I32)strlen(HvNAME_get(hv)) : 0)
data/libnet-ldns-perl-0.75/ppport.h:6820:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
STRLEN len = strlen(radix);
data/libnet-ldns-perl-0.75/ppport.h:7404:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buffer);
data/libnet-ldns-perl-0.75/ppport.h:7444:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used = strlen(dst);
data/libnet-ldns-perl-0.75/ppport.h:7445:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(src);
data/libnet-ldns-perl-0.75/ppport.h:7474:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(src);
ANALYSIS SUMMARY:
Hits = 260
Lines analyzed = 50556 in approximately 1.23 seconds (40945 lines/second)
Physical Source Lines of Code (SLOC) = 30563
Hits@level = [0] 151 [1] 139 [2] 105 [3] 8 [4] 8 [5] 0
Hits@level+ = [0+] 411 [1+] 260 [2+] 121 [3+] 16 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 13.4476 [1+] 8.50702 [2+] 3.95904 [3+] 0.523509 [4+] 0.261754 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.