Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ncrack-0.7+debian/Buf.cc
Examining data/ncrack-0.7+debian/Buf.h
Examining data/ncrack-0.7+debian/Connection.cc
Examining data/ncrack-0.7+debian/Connection.h
Examining data/ncrack-0.7+debian/NcrackOps.cc
Examining data/ncrack-0.7+debian/NcrackOps.h
Examining data/ncrack-0.7+debian/NcrackOutputTable.cc
Examining data/ncrack-0.7+debian/NcrackOutputTable.h
Examining data/ncrack-0.7+debian/Service.cc
Examining data/ncrack-0.7+debian/Service.h
Examining data/ncrack-0.7+debian/ServiceGroup.cc
Examining data/ncrack-0.7+debian/ServiceGroup.h
Examining data/ncrack-0.7+debian/Target.cc
Examining data/ncrack-0.7+debian/Target.h
Examining data/ncrack-0.7+debian/TargetGroup.cc
Examining data/ncrack-0.7+debian/TargetGroup.h
Examining data/ncrack-0.7+debian/crypto.cc
Examining data/ncrack-0.7+debian/crypto.h
Examining data/ncrack-0.7+debian/global_structures.h
Examining data/ncrack-0.7+debian/http.cc
Examining data/ncrack-0.7+debian/http.h
Examining data/ncrack-0.7+debian/http_digest.cc
Examining data/ncrack-0.7+debian/modules/modules.h
Examining data/ncrack-0.7+debian/modules/ncrack_cassandra.cc
Examining data/ncrack-0.7+debian/modules/ncrack_cvs.cc
Examining data/ncrack-0.7+debian/modules/ncrack_dicom.cc
Examining data/ncrack-0.7+debian/modules/ncrack_ftp.cc
Examining data/ncrack-0.7+debian/modules/ncrack_http.cc
Examining data/ncrack-0.7+debian/modules/ncrack_imap.cc
Examining data/ncrack-0.7+debian/modules/ncrack_joomla.cc
Examining data/ncrack-0.7+debian/modules/ncrack_mongodb.cc
Examining data/ncrack-0.7+debian/modules/ncrack_mqtt.cc
Examining data/ncrack-0.7+debian/modules/ncrack_mssql.cc
Examining data/ncrack-0.7+debian/modules/ncrack_mysql.cc
Examining data/ncrack-0.7+debian/modules/ncrack_owa.cc
Examining data/ncrack-0.7+debian/modules/ncrack_pop3.cc
Examining data/ncrack-0.7+debian/modules/ncrack_psql.cc
Examining data/ncrack-0.7+debian/modules/ncrack_rdp.cc
Examining data/ncrack-0.7+debian/modules/ncrack_redis.cc
Examining data/ncrack-0.7+debian/modules/ncrack_sip.cc
Examining data/ncrack-0.7+debian/modules/ncrack_smb.cc
Examining data/ncrack-0.7+debian/modules/ncrack_smb2.cc
Examining data/ncrack-0.7+debian/modules/ncrack_ssh.cc
Examining data/ncrack-0.7+debian/modules/ncrack_telnet.cc
Examining data/ncrack-0.7+debian/modules/ncrack_vnc.cc
Examining data/ncrack-0.7+debian/modules/ncrack_winrm.cc
Examining data/ncrack-0.7+debian/modules/ncrack_wordpress.cc
Examining data/ncrack-0.7+debian/nbase/getaddrinfo.c
Examining data/ncrack-0.7+debian/nbase/getnameinfo.c
Examining data/ncrack-0.7+debian/nbase/getopt.c
Examining data/ncrack-0.7+debian/nbase/getopt.h
Examining data/ncrack-0.7+debian/nbase/inet_ntop.c
Examining data/ncrack-0.7+debian/nbase/inet_pton.c
Examining data/ncrack-0.7+debian/nbase/nbase.h
Examining data/ncrack-0.7+debian/nbase/nbase_addrset.c
Examining data/ncrack-0.7+debian/nbase/nbase_addrset.h
Examining data/ncrack-0.7+debian/nbase/nbase_crc32ct.h
Examining data/ncrack-0.7+debian/nbase/nbase_ipv6.h
Examining data/ncrack-0.7+debian/nbase/nbase_memalloc.c
Examining data/ncrack-0.7+debian/nbase/nbase_misc.c
Examining data/ncrack-0.7+debian/nbase/nbase_rnd.c
Examining data/ncrack-0.7+debian/nbase/nbase_str.c
Examining data/ncrack-0.7+debian/nbase/nbase_time.c
Examining data/ncrack-0.7+debian/nbase/nbase_winconfig.h
Examining data/ncrack-0.7+debian/nbase/nbase_winunix.c
Examining data/ncrack-0.7+debian/nbase/nbase_winunix.h
Examining data/ncrack-0.7+debian/nbase/snprintf.c
Examining data/ncrack-0.7+debian/nbase/strcasecmp.c
Examining data/ncrack-0.7+debian/nbase/test/test-escape_windows_command_arg.c
Examining data/ncrack-0.7+debian/ncrack.h
Examining data/ncrack-0.7+debian/ncrack_error.cc
Examining data/ncrack-0.7+debian/ncrack_error.h
Examining data/ncrack-0.7+debian/ncrack_input.h
Examining data/ncrack-0.7+debian/ncrack_resume.cc
Examining data/ncrack-0.7+debian/ncrack_resume.h
Examining data/ncrack-0.7+debian/ncrack_tty.cc
Examining data/ncrack-0.7+debian/ncrack_tty.h
Examining data/ncrack-0.7+debian/ncrack_winconfig.h
Examining data/ncrack-0.7+debian/nsock/examples/nsock_telnet.c
Examining data/ncrack-0.7+debian/nsock/examples/nsock_test_timers.c
Examining data/ncrack-0.7+debian/nsock/include/nsock.h
Examining data/ncrack-0.7+debian/nsock/include/nsock_winconfig.h
Examining data/ncrack-0.7+debian/nsock/src/engine_epoll.c
Examining data/ncrack-0.7+debian/nsock/src/engine_iocp.c
Examining data/ncrack-0.7+debian/nsock/src/engine_kqueue.c
Examining data/ncrack-0.7+debian/nsock/src/engine_poll.c
Examining data/ncrack-0.7+debian/nsock/src/engine_select.c
Examining data/ncrack-0.7+debian/nsock/src/error.c
Examining data/ncrack-0.7+debian/nsock/src/error.h
Examining data/ncrack-0.7+debian/nsock/src/filespace.c
Examining data/ncrack-0.7+debian/nsock/src/filespace.h
Examining data/ncrack-0.7+debian/nsock/src/gh_heap.c
Examining data/ncrack-0.7+debian/nsock/src/gh_heap.h
Examining data/ncrack-0.7+debian/nsock/src/gh_list.h
Examining data/ncrack-0.7+debian/nsock/src/netutils.c
Examining data/ncrack-0.7+debian/nsock/src/netutils.h
Examining data/ncrack-0.7+debian/nsock/src/nsock_connect.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_core.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_engines.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_event.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_internal.h
Examining data/ncrack-0.7+debian/nsock/src/nsock_iod.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_log.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_log.h
Examining data/ncrack-0.7+debian/nsock/src/nsock_pcap.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_pcap.h
Examining data/ncrack-0.7+debian/nsock/src/nsock_pool.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_proxy.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_proxy.h
Examining data/ncrack-0.7+debian/nsock/src/nsock_read.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_ssl.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_ssl.h
Examining data/ncrack-0.7+debian/nsock/src/nsock_timers.c
Examining data/ncrack-0.7+debian/nsock/src/nsock_write.c
Examining data/ncrack-0.7+debian/nsock/src/proxy_http.c
Examining data/ncrack-0.7+debian/nsock/src/proxy_socks4.c
Examining data/ncrack-0.7+debian/nsock/tests/basic.c
Examining data/ncrack-0.7+debian/nsock/tests/cancel.c
Examining data/ncrack-0.7+debian/nsock/tests/connect.c
Examining data/ncrack-0.7+debian/nsock/tests/ghheaps.c
Examining data/ncrack-0.7+debian/nsock/tests/ghlists.c
Examining data/ncrack-0.7+debian/nsock/tests/logs.c
Examining data/ncrack-0.7+debian/nsock/tests/test-common.h
Examining data/ncrack-0.7+debian/nsock/tests/tests_main.c
Examining data/ncrack-0.7+debian/nsock/tests/timer.c
Examining data/ncrack-0.7+debian/ntlmssp.cc
Examining data/ncrack-0.7+debian/ntlmssp.h
Examining data/ncrack-0.7+debian/opensshlib/addrmatch.c
Examining data/ncrack-0.7+debian/opensshlib/arc4random.c
Examining data/ncrack-0.7+debian/opensshlib/audit.h
Examining data/ncrack-0.7+debian/opensshlib/auth.h
Examining data/ncrack-0.7+debian/opensshlib/authfd.h
Examining data/ncrack-0.7+debian/opensshlib/authfile.h
Examining data/ncrack-0.7+debian/opensshlib/base64.c
Examining data/ncrack-0.7+debian/opensshlib/base64.h
Examining data/ncrack-0.7+debian/opensshlib/bcrypt_pbkdf.c
Examining data/ncrack-0.7+debian/opensshlib/blf.h
Examining data/ncrack-0.7+debian/opensshlib/blocks.c
Examining data/ncrack-0.7+debian/opensshlib/blowfish.c
Examining data/ncrack-0.7+debian/opensshlib/bsd-asprintf.c
Examining data/ncrack-0.7+debian/opensshlib/bsd-cray.h
Examining data/ncrack-0.7+debian/opensshlib/bsd-cygwin_util.h
Examining data/ncrack-0.7+debian/opensshlib/bsd-misc.c
Examining data/ncrack-0.7+debian/opensshlib/bsd-misc.h
Examining data/ncrack-0.7+debian/opensshlib/bsd-nextstep.h
Examining data/ncrack-0.7+debian/opensshlib/bsd-poll.h
Examining data/ncrack-0.7+debian/opensshlib/bsd-setres_id.h
Examining data/ncrack-0.7+debian/opensshlib/bsd-snprintf.c
Examining data/ncrack-0.7+debian/opensshlib/bsd-statvfs.h
Examining data/ncrack-0.7+debian/opensshlib/bsd-waitpid.h
Examining data/ncrack-0.7+debian/opensshlib/bufaux.c
Examining data/ncrack-0.7+debian/opensshlib/bufbn.c
Examining data/ncrack-0.7+debian/opensshlib/buffer.c
Examining data/ncrack-0.7+debian/opensshlib/buffer.h
Examining data/ncrack-0.7+debian/opensshlib/canohost.h
Examining data/ncrack-0.7+debian/opensshlib/chacha.c
Examining data/ncrack-0.7+debian/opensshlib/chacha.h
Examining data/ncrack-0.7+debian/opensshlib/chacha_private.h
Examining data/ncrack-0.7+debian/opensshlib/channels.h
Examining data/ncrack-0.7+debian/opensshlib/charclass.h
Examining data/ncrack-0.7+debian/opensshlib/cipher-3des1.c
Examining data/ncrack-0.7+debian/opensshlib/cipher-aes.c
Examining data/ncrack-0.7+debian/opensshlib/cipher-aesctr.c
Examining data/ncrack-0.7+debian/opensshlib/cipher-aesctr.h
Examining data/ncrack-0.7+debian/opensshlib/cipher-bf1.c
Examining data/ncrack-0.7+debian/opensshlib/cipher-chachapoly.c
Examining data/ncrack-0.7+debian/opensshlib/cipher-chachapoly.h
Examining data/ncrack-0.7+debian/opensshlib/cipher-ctr.c
Examining data/ncrack-0.7+debian/opensshlib/cipher.c
Examining data/ncrack-0.7+debian/opensshlib/cipher.h
Examining data/ncrack-0.7+debian/opensshlib/cleanup.c
Examining data/ncrack-0.7+debian/opensshlib/compat.c
Examining data/ncrack-0.7+debian/opensshlib/compat.h
Examining data/ncrack-0.7+debian/opensshlib/crc32.c
Examining data/ncrack-0.7+debian/opensshlib/crc32.h
Examining data/ncrack-0.7+debian/opensshlib/crypto_api.h
Examining data/ncrack-0.7+debian/opensshlib/defines.h
Examining data/ncrack-0.7+debian/opensshlib/dh.c
Examining data/ncrack-0.7+debian/opensshlib/dh.h
Examining data/ncrack-0.7+debian/opensshlib/digest-libc.c
Examining data/ncrack-0.7+debian/opensshlib/digest-openssl.c
Examining data/ncrack-0.7+debian/opensshlib/digest.h
Examining data/ncrack-0.7+debian/opensshlib/dispatch.h
Examining data/ncrack-0.7+debian/opensshlib/ed25519.c
Examining data/ncrack-0.7+debian/opensshlib/entropy.h
Examining data/ncrack-0.7+debian/opensshlib/explicit_bzero.c
Examining data/ncrack-0.7+debian/opensshlib/fake-rfc2553.h
Examining data/ncrack-0.7+debian/opensshlib/fatal.c
Examining data/ncrack-0.7+debian/opensshlib/fe25519.c
Examining data/ncrack-0.7+debian/opensshlib/fe25519.h
Examining data/ncrack-0.7+debian/opensshlib/freezero.c
Examining data/ncrack-0.7+debian/opensshlib/ge25519.c
Examining data/ncrack-0.7+debian/opensshlib/ge25519.h
Examining data/ncrack-0.7+debian/opensshlib/getopt.h
Examining data/ncrack-0.7+debian/opensshlib/getrrsetbyname.h
Examining data/ncrack-0.7+debian/opensshlib/glob.h
Examining data/ncrack-0.7+debian/opensshlib/hash.c
Examining data/ncrack-0.7+debian/opensshlib/hmac.c
Examining data/ncrack-0.7+debian/opensshlib/hmac.h
Examining data/ncrack-0.7+debian/opensshlib/hostfile.h
Examining data/ncrack-0.7+debian/opensshlib/includes.h
Examining data/ncrack-0.7+debian/opensshlib/kex.c
Examining data/ncrack-0.7+debian/opensshlib/kex.h
Examining data/ncrack-0.7+debian/opensshlib/kexc25519.c
Examining data/ncrack-0.7+debian/opensshlib/kexc25519c.c
Examining data/ncrack-0.7+debian/opensshlib/kexdh.c
Examining data/ncrack-0.7+debian/opensshlib/kexdhc.c
Examining data/ncrack-0.7+debian/opensshlib/kexecdh.c
Examining data/ncrack-0.7+debian/opensshlib/kexecdhc.c
Examining data/ncrack-0.7+debian/opensshlib/kexgex.c
Examining data/ncrack-0.7+debian/opensshlib/kexgexc.c
Examining data/ncrack-0.7+debian/opensshlib/key.c
Examining data/ncrack-0.7+debian/opensshlib/key.h
Examining data/ncrack-0.7+debian/opensshlib/log.c
Examining data/ncrack-0.7+debian/opensshlib/log.h
Examining data/ncrack-0.7+debian/opensshlib/mac.c
Examining data/ncrack-0.7+debian/opensshlib/mac.h
Examining data/ncrack-0.7+debian/opensshlib/match.c
Examining data/ncrack-0.7+debian/opensshlib/match.h
Examining data/ncrack-0.7+debian/opensshlib/md-sha256.c
Examining data/ncrack-0.7+debian/opensshlib/md5.h
Examining data/ncrack-0.7+debian/opensshlib/misc.c
Examining data/ncrack-0.7+debian/opensshlib/misc.h
Examining data/ncrack-0.7+debian/opensshlib/moduli.c
Examining data/ncrack-0.7+debian/opensshlib/monitor.h
Examining data/ncrack-0.7+debian/opensshlib/msg.h
Examining data/ncrack-0.7+debian/opensshlib/myproposal.h
Examining data/ncrack-0.7+debian/opensshlib/opacket.c
Examining data/ncrack-0.7+debian/opensshlib/opacket.h
Examining data/ncrack-0.7+debian/opensshlib/openbsd-compat.h
Examining data/ncrack-0.7+debian/opensshlib/openssh.h
Examining data/ncrack-0.7+debian/opensshlib/opensshlib.h
Examining data/ncrack-0.7+debian/opensshlib/openssl-compat.h
Examining data/ncrack-0.7+debian/opensshlib/packet.c
Examining data/ncrack-0.7+debian/opensshlib/packet.h
Examining data/ncrack-0.7+debian/opensshlib/pathnames.h
Examining data/ncrack-0.7+debian/opensshlib/platform.c
Examining data/ncrack-0.7+debian/opensshlib/platform.h
Examining data/ncrack-0.7+debian/opensshlib/poly1305.c
Examining data/ncrack-0.7+debian/opensshlib/poly1305.h
Examining data/ncrack-0.7+debian/opensshlib/port-aix.h
Examining data/ncrack-0.7+debian/opensshlib/port-irix.h
Examining data/ncrack-0.7+debian/opensshlib/port-linux.h
Examining data/ncrack-0.7+debian/opensshlib/port-net.c
Examining data/ncrack-0.7+debian/opensshlib/port-net.h
Examining data/ncrack-0.7+debian/opensshlib/port-solaris.h
Examining data/ncrack-0.7+debian/opensshlib/port-tun.h
Examining data/ncrack-0.7+debian/opensshlib/port-uw.h
Examining data/ncrack-0.7+debian/opensshlib/readconf.h
Examining data/ncrack-0.7+debian/opensshlib/readpassphrase.h
Examining data/ncrack-0.7+debian/opensshlib/reallocarray.c
Examining data/ncrack-0.7+debian/opensshlib/recallocarray.c
Examining data/ncrack-0.7+debian/opensshlib/rijndael.c
Examining data/ncrack-0.7+debian/opensshlib/rijndael.h
Examining data/ncrack-0.7+debian/opensshlib/rmd160.h
Examining data/ncrack-0.7+debian/opensshlib/rsa.c
Examining data/ncrack-0.7+debian/opensshlib/rsa.h
Examining data/ncrack-0.7+debian/opensshlib/sc25519.c
Examining data/ncrack-0.7+debian/opensshlib/sc25519.h
Examining data/ncrack-0.7+debian/opensshlib/sha1.h
Examining data/ncrack-0.7+debian/opensshlib/sha2.c
Examining data/ncrack-0.7+debian/opensshlib/sha2.h
Examining data/ncrack-0.7+debian/opensshlib/sigact.h
Examining data/ncrack-0.7+debian/opensshlib/smult_curve25519_ref.c
Examining data/ncrack-0.7+debian/opensshlib/ssh-dss.c
Examining data/ncrack-0.7+debian/opensshlib/ssh-ecdsa.c
Examining data/ncrack-0.7+debian/opensshlib/ssh-ed25519.c
Examining data/ncrack-0.7+debian/opensshlib/ssh-rsa.c
Examining data/ncrack-0.7+debian/opensshlib/ssh.c
Examining data/ncrack-0.7+debian/opensshlib/ssh.h
Examining data/ncrack-0.7+debian/opensshlib/ssh1.h
Examining data/ncrack-0.7+debian/opensshlib/ssh2.h
Examining data/ncrack-0.7+debian/opensshlib/sshbuf-getput-basic.c
Examining data/ncrack-0.7+debian/opensshlib/sshbuf-getput-crypto.c
Examining data/ncrack-0.7+debian/opensshlib/sshbuf-misc.c
Examining data/ncrack-0.7+debian/opensshlib/sshbuf.c
Examining data/ncrack-0.7+debian/opensshlib/sshbuf.h
Examining data/ncrack-0.7+debian/opensshlib/sshconnect.c
Examining data/ncrack-0.7+debian/opensshlib/sshconnect.h
Examining data/ncrack-0.7+debian/opensshlib/sshconnect2.c
Examining data/ncrack-0.7+debian/opensshlib/ssherr.c
Examining data/ncrack-0.7+debian/opensshlib/ssherr.h
Examining data/ncrack-0.7+debian/opensshlib/sshkey.c
Examining data/ncrack-0.7+debian/opensshlib/sshkey.h
Examining data/ncrack-0.7+debian/opensshlib/strlcat.c
Examining data/ncrack-0.7+debian/opensshlib/strlcpy.c
Examining data/ncrack-0.7+debian/opensshlib/strsep.c
Examining data/ncrack-0.7+debian/opensshlib/strtonum.c
Examining data/ncrack-0.7+debian/opensshlib/sys-queue.h
Examining data/ncrack-0.7+debian/opensshlib/sys-tree.h
Examining data/ncrack-0.7+debian/opensshlib/timingsafe_bcmp.c
Examining data/ncrack-0.7+debian/opensshlib/uidswap.h
Examining data/ncrack-0.7+debian/opensshlib/umac.h
Examining data/ncrack-0.7+debian/opensshlib/uuencode.c
Examining data/ncrack-0.7+debian/opensshlib/uuencode.h
Examining data/ncrack-0.7+debian/opensshlib/verify.c
Examining data/ncrack-0.7+debian/opensshlib/vis.c
Examining data/ncrack-0.7+debian/opensshlib/vis.h
Examining data/ncrack-0.7+debian/opensshlib/winfixssh.h
Examining data/ncrack-0.7+debian/opensshlib/xmalloc.c
Examining data/ncrack-0.7+debian/opensshlib/xmalloc.h
Examining data/ncrack-0.7+debian/opensshlib/umac.c
Examining data/ncrack-0.7+debian/output.cc
Examining data/ncrack-0.7+debian/output.h
Examining data/ncrack-0.7+debian/portable_endian.h
Examining data/ncrack-0.7+debian/services.cc
Examining data/ncrack-0.7+debian/services.h
Examining data/ncrack-0.7+debian/targets.cc
Examining data/ncrack-0.7+debian/targets.h
Examining data/ncrack-0.7+debian/timing.cc
Examining data/ncrack-0.7+debian/timing.h
Examining data/ncrack-0.7+debian/utils.cc
Examining data/ncrack-0.7+debian/utils.h
Examining data/ncrack-0.7+debian/xml.cc
Examining data/ncrack-0.7+debian/xml.h
Examining data/ncrack-0.7+debian/ncrack.cc
Examining data/ncrack-0.7+debian/ncrack_input.cc
FINAL RESULTS:
data/ncrack-0.7+debian/modules/ncrack_psql.cc:192:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(finalhash, buf, sizeof(finalhash) - 1);
data/ncrack-0.7+debian/nbase/nbase_misc.c:845:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
n = readlink("/proc/self/exe", buf, sizeof(buf));
data/ncrack-0.7+debian/Buf.cc:176:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
Buf::snprintf(u_int len, const void *fmt, ...)
data/ncrack-0.7+debian/Buf.cc:189:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf((char *)p, len + 1, (char *)fmt, ap);
data/ncrack-0.7+debian/Buf.h:164:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
void snprintf(u_int len, const void *fmt, ...);
data/ncrack-0.7+debian/NcrackOutputTable.h:174:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 4, 5)));
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:216:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(5, "login");
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:257:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(con->user), "%s", con->user);
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:271:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(con->pass), "%s", con->pass);
data/ncrack-0.7+debian/modules/ncrack_cvs.cc:184:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(69 + strlen(con->user) + strlen(encoded_pass),
data/ncrack-0.7+debian/modules/ncrack_ftp.cc:266:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(7 + strlen(con->user), "USER %s\r\n", con->user);
data/ncrack-0.7+debian/modules/ncrack_ftp.cc:291:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(7 + strlen(con->pass), "PASS %s\r\n", con->pass);
data/ncrack-0.7+debian/modules/ncrack_http.cc:248:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_http.cc:541:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_http.cc:633:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_http.cc:642:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT);
data/ncrack-0.7+debian/modules/ncrack_http.cc:661:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s:%s", con->user, con->pass);
data/ncrack-0.7+debian/modules/ncrack_imap.cc:189:18: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(12 + strlen(con->user) + strlen(con->pass), "01 LOGIN %s %s\r\n", con->user, con->pass);
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:182:22: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->path), "%s", serv->path);
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:192:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(48, "\r\nUser-Agent: %s", USER_AGENT);
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:212:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(20 + strlen(tmp), "Content-Length: %s\r\n\r\n", tmp);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:253:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(full_collection_name, "%s%s", serv->db, ".$cmd");
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:349:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(full_collection_name, "%s%s", serv->db, ".$cmd");
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:478:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(full_collection_name, "%s%s", serv->db, ".$cmd");
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:595:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(full_collection_name, "%s%s", serv->db, ".$cmd");
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:754:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(full_collection_name, "%s%s", serv->db, ".$cmd");
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1065:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(full_collection_name, "%s%s", serv->db, ".$cmd");
data/ncrack-0.7+debian/modules/ncrack_mqtt.cc:234:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(con->user), "%s", con->user);
data/ncrack-0.7+debian/modules/ncrack_mqtt.cc:236:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(con->pass), "%s", con->pass);
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:372:22: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(packet_length + 4 + 20 + 21 + 1,
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:439:24: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(4,
data/ncrack-0.7+debian/modules/ncrack_owa.cc:294:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(20 + strlen(tmp), "Content-Length: %s\r\n\r\n", tmp);
data/ncrack-0.7+debian/modules/ncrack_owa.cc:307:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(con->user), "%s", con->user);
data/ncrack-0.7+debian/modules/ncrack_owa.cc:309:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(con->pass), "%s", con->pass);
data/ncrack-0.7+debian/modules/ncrack_pop3.cc:207:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(7 + strlen(con->user), "USER %s\r\n", con->user);
data/ncrack-0.7+debian/modules/ncrack_pop3.cc:240:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(7 + strlen(con->pass), "PASS %s\r\n", con->pass);
data/ncrack-0.7+debian/modules/ncrack_psql.cc:311:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(packet_length,
data/ncrack-0.7+debian/modules/ncrack_psql.cc:344:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(packet_length,
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1796:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(COOKIE_USERNAME), "%s", COOKIE_USERNAME);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1797:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(2, "%c%c", '\r', '\n');
data/ncrack-0.7+debian/modules/ncrack_redis.cc:183:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(7 + strlen(con->pass), "AUTH %s\r\n", con->pass);
data/ncrack-0.7+debian/modules/ncrack_sip.cc:223:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:312:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_smb.cc:403:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(4, "%c%c%c%c", 0, 0, 0, 0);
data/ncrack-0.7+debian/modules/ncrack_smb.cc:436:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
buf->snprintf(1, "%c", 0);
data/ncrack-0.7+debian/modules/ncrack_smb.cc:442:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
buf->snprintf(12, "%c%s%", 2, "NT LM 0.12");
data/ncrack-0.7+debian/modules/ncrack_smb.cc:443:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
buf->snprintf(2, "%c%c", 2, 0);
data/ncrack-0.7+debian/modules/ncrack_smb.cc:605:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(1, "%c", 0);
data/ncrack-0.7+debian/modules/ncrack_vnc.cc:249:22: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(12 , "RFB 003.008\n");
data/ncrack-0.7+debian/modules/ncrack_vnc.cc:255:22: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(12 , "RFB 003.003\n");
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:268:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:276:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:394:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:402:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:421:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s:%s", con->user, con->pass);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:508:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:516:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:529:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf((char *)tmp, tmplen,
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:813:22: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:821:22: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(94, "\r\nUser-Agent: %s", USER_AGENT);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:846:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s", con->pass);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1033:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s", con->user);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1200:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf((char *)tmp2, tmplen2,
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:211:22: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->path), "%s", serv->path);
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:224:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(48, "\r\nUser-Agent: %s", USER_AGENT);
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:291:22: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(strlen(serv->path), "%s", serv->path);
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:301:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(48, "\r\nUser-Agent: %s", USER_AGENT);
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:321:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
con->outbuf->snprintf(20 + strlen(tmp), "Content-Length: %s\r\n\r\n", tmp);
data/ncrack-0.7+debian/nbase/nbase.h:280:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern "C" int snprintf (char *str, size_t sz, const char *format, ...)
data/ncrack-0.7+debian/nbase/nbase.h:281:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 3, 4)));
data/ncrack-0.7+debian/nbase/nbase.h:285:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern "C" int vsnprintf (char *str, size_t sz, const char *format,
data/ncrack-0.7+debian/nbase/nbase.h:287:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format (printf, 3, 0)));
data/ncrack-0.7+debian/nbase/nbase.h:292:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)));
data/ncrack-0.7+debian/nbase/nbase.h:297:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format (printf, 2, 0)));
data/ncrack-0.7+debian/nbase/nbase.h:302:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 3, 4)));
data/ncrack-0.7+debian/nbase/nbase.h:308:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format (printf, 3, 0)));
data/ncrack-0.7+debian/nbase/nbase.h:312:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern "C" int snprintf (char *, size_t, const char *, ...);
data/ncrack-0.7+debian/nbase/nbase.h:316:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern "C" int vsnprintf (char *, size_t, const char *, va_list);
data/ncrack-0.7+debian/nbase/nbase.h:349:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define access _access
data/ncrack-0.7+debian/nbase/nbase.h:362:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/ncrack-0.7+debian/nbase/nbase.h:362:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/ncrack-0.7+debian/nbase/nbase.h:367:9: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define execv _execv
data/ncrack-0.7+debian/nbase/nbase.h:485:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 3, 0)));
data/ncrack-0.7+debian/nbase/nbase.h:487:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 3, 4)));
data/ncrack-0.7+debian/nbase/nbase.h:492:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 0)));
data/ncrack-0.7+debian/nbase/nbase_memalloc.c:140:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/ncrack-0.7+debian/nbase/nbase_memalloc.c:147:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/ncrack-0.7+debian/nbase/nbase_misc.c:832:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (access(pathname_buf, R_OK) != -1)
data/ncrack-0.7+debian/nbase/nbase_str.c:194:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(s, n, fmt, ap);
data/ncrack-0.7+debian/nbase/nbase_str.c:243:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(s, size, fmt, va_tmp);
data/ncrack-0.7+debian/nbase/snprintf.c:485:1: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (char *str, size_t sz, const char *format, ...)
data/ncrack-0.7+debian/nbase/snprintf.c:491:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf (str, sz, format, args);
data/ncrack-0.7+debian/nbase/snprintf.c:500:12: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
ret2 = vsprintf (tmp, format, args);
data/ncrack-0.7+debian/nbase/snprintf.c:575:12: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
ret2 = vsprintf (tmp, format, args);
data/ncrack-0.7+debian/nbase/snprintf.c:603:12: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
ret2 = vsprintf (tmp, format, args);
data/ncrack-0.7+debian/nbase/snprintf.c:619:1: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (char *str, size_t sz, const char *format, va_list args)
data/ncrack-0.7+debian/ncrack.cc:416:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (access(pathname_buf, R_OK) != -1)
data/ncrack-0.7+debian/ncrack_error.h:165:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/ncrack-0.7+debian/ncrack_error.h:167:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/ncrack-0.7+debian/ncrack_error.h:169:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/ncrack-0.7+debian/ncrack_error.h:171:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/ncrack-0.7+debian/ncrack_resume.cc:268:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK)) {
data/ncrack-0.7+debian/ncrack_resume.cc:278:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, R_OK | W_OK))
data/ncrack-0.7+debian/ncrack_resume.cc:280:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, R_OK | W_OK | X_OK))
data/ncrack-0.7+debian/nsock/src/error.c:69:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/ncrack-0.7+debian/nsock/src/error.c:81:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/ncrack-0.7+debian/nsock/src/error.h:86:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/ncrack-0.7+debian/nsock/src/error.h:89:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/ncrack-0.7+debian/nsock/src/netutils.c:174:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s", get_unixsock_path(ss));
data/ncrack-0.7+debian/nsock/src/netutils.c:179:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s:%d", inet_ntop_ez(ss, sslen), get_port(ss));
data/ncrack-0.7+debian/nsock/src/nsock_log.h:116:50: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format (printf, 5, 6)));
data/ncrack-0.7+debian/nsock/tests/tests_main.c:123:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(TEST_FAILED " (%s)\n", socket_strerror(-rc));
data/ncrack-0.7+debian/nsock/tests/tests_main.c:126:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(TEST_OK "\n");
data/ncrack-0.7+debian/ntlmssp.cc:339:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(userdomain, user);
data/ncrack-0.7+debian/ntlmssp.cc:346:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(userdomain, domain);
data/ncrack-0.7+debian/opensshlib/auth.h:182:65: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/bsd-asprintf.c:58:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
data/ncrack-0.7+debian/opensshlib/bsd-asprintf.c:72:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(newstr, len, fmt, ap2);
data/ncrack-0.7+debian/opensshlib/bsd-snprintf.c:874:1: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (char *str, size_t count, const char *fmt, va_list args)
data/ncrack-0.7+debian/opensshlib/bsd-snprintf.c:882:1: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...)
data/ncrack-0.7+debian/opensshlib/bsd-snprintf.c:888:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(str, count, fmt, ap);
data/ncrack-0.7+debian/opensshlib/cipher-3des1.c:78:28: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
if (EVP_CipherInit(c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
data/ncrack-0.7+debian/opensshlib/cipher-3des1.c:79:28: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
EVP_CipherInit(c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
data/ncrack-0.7+debian/opensshlib/cipher-3des1.c:80:28: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
EVP_CipherInit(c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
data/ncrack-0.7+debian/opensshlib/cipher.c:82:45: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
data/ncrack-0.7+debian/opensshlib/defines.h:689:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf (char *, size_t, const char *, ...);
data/ncrack-0.7+debian/opensshlib/defines.h:691:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *crypt (const char *, const char *);
data/ncrack-0.7+debian/opensshlib/fatal.c:42:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/ncrack-0.7+debian/opensshlib/log.c:450:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
data/ncrack-0.7+debian/opensshlib/log.c:452:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
data/ncrack-0.7+debian/opensshlib/log.h:66:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/log.h:67:61: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void ssh_error(const char *, ...) __attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/log.h:69:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/log.h:70:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void logit(const char *, ...) __attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/log.h:71:59: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/log.h:72:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/log.h:73:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/log.h:74:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/log.h:79:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/ncrack-0.7+debian/opensshlib/misc.h:77:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/ncrack-0.7+debian/opensshlib/misc.h:79:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/ncrack-0.7+debian/opensshlib/misc.h:139:62: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/opacket.c:337:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/ncrack-0.7+debian/opensshlib/opacket.c:349:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/ncrack-0.7+debian/opensshlib/opacket.h:106:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/ncrack-0.7+debian/opensshlib/opacket.h:108:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)))
data/ncrack-0.7+debian/opensshlib/openbsd-compat.h:240:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *, size_t, SNPRINTF_CONST char *, ...);
data/ncrack-0.7+debian/opensshlib/openbsd-compat.h:306:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf(char *, size_t, const char *, va_list);
data/ncrack-0.7+debian/opensshlib/packet.c:1994:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/ncrack-0.7+debian/opensshlib/packet.c:2081:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/ncrack-0.7+debian/opensshlib/packet.c:3029:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/ncrack-0.7+debian/opensshlib/packet.h:134:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)))
data/ncrack-0.7+debian/opensshlib/packet.h:136:90: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void ssh_packet_send_debug(struct ssh *, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
data/ncrack-0.7+debian/opensshlib/packet.h:187:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/ncrack-0.7+debian/opensshlib/port-net.c:174:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun);
data/ncrack-0.7+debian/opensshlib/sshbuf-getput-basic.c:272:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if ((len = vsnprintf(NULL, 0, fmt, ap2)) < 0) {
data/ncrack-0.7+debian/opensshlib/sshbuf-getput-basic.c:284:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) {
data/ncrack-0.7+debian/opensshlib/sshbuf.h:176:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/ncrack-0.7+debian/opensshlib/sshbuf.h:337:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf x; \
data/ncrack-0.7+debian/opensshlib/sshconnect.c:182:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/ncrack-0.7+debian/opensshlib/sshconnect.c:258:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/ncrack-0.7+debian/opensshlib/sshconnect.c:1500:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(shell, shell, "-c", args, (char *)NULL);
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:1543:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
data/ncrack-0.7+debian/opensshlib/xmalloc.h:26:44: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__ (printf, 2, 3)))
data/ncrack-0.7+debian/output.cc:199:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(o.ncrack_stdout, fmt, ap);
data/ncrack-0.7+debian/output.cc:204:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/ncrack-0.7+debian/output.h:170:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)));
data/ncrack-0.7+debian/xml.h:135:65: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int xml_write_raw(const char *fmt, ...) __attribute__ ((format (printf, 1, 2)));
data/ncrack-0.7+debian/xml.h:136:69: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int xml_write_escaped(const char *fmt, ...) __attribute__ ((format (printf, 1, 2)));
data/ncrack-0.7+debian/xml.h:137:78: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int xml_write_escaped_v(const char *fmt, va_list va) __attribute__ ((format (printf, 1, 0)));
data/ncrack-0.7+debian/xml.h:153:83: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int xml_attribute(const char *name, const char *fmt, ...) __attribute__ ((format (printf, 2, 3)));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:207:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:237:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/ncrack-0.7+debian/nbase/getopt.c:67:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("POSIXLY_CORRECT")) colon_mode = mode = '+';
data/ncrack-0.7+debian/nbase/getopt.c:163:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("POSIXLY_CORRECT")) colon_mode = mode = '+';
data/ncrack-0.7+debian/nbase/getopt.c:288:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char * argv[], const char *opts)
data/ncrack-0.7+debian/nbase/getopt.c:294:5: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt_long(int argc, char * argv[], const char *shortopts,
data/ncrack-0.7+debian/nbase/getopt.h:48:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt(int argc, char * argv[], const char *opts);
data/ncrack-0.7+debian/nbase/getopt.h:70:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long(int argc, char * argv[], const char *shortopts,
data/ncrack-0.7+debian/ncrack.cc:465:36: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!foundsomething && (dirptr = getenv("NCRACKDIR"))) {
data/ncrack-0.7+debian/nsock/examples/nsock_telnet.c:206:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "s")) != -1) {
data/ncrack-0.7+debian/nsock/examples/nsock_test_timers.c:135:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/ncrack-0.7+debian/nsock/tests/timer.c:71:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/ncrack-0.7+debian/opensshlib/defines.h:581:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
# undef getopt
data/ncrack-0.7+debian/opensshlib/defines.h:587:10: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
# define getopt(ac, av, o) BSDgetopt(ac, av, o)
data/ncrack-0.7+debian/opensshlib/getopt.h:57:6: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt_long(int, char * const *, const char *,
data/ncrack-0.7+debian/opensshlib/getopt.h:63:6: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int, char * const *, const char *);
data/ncrack-0.7+debian/opensshlib/misc.c:1004:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((tmpdir = getenv("TMPDIR")) != NULL) {
data/ncrack-0.7+debian/opensshlib/openbsd-compat.h:95:11: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
# define realpath(x, y) _ssh_compat_realpath(x, y)
data/ncrack-0.7+debian/opensshlib/openbsd-compat.h:98:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
char *realpath(const char *path, char *resolved);
data/ncrack-0.7+debian/opensshlib/ssh.c:600:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
data/ncrack-0.7+debian/opensshlib/ssh.c:1643:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv("TERM");
data/ncrack-0.7+debian/opensshlib/ssh.c:1676:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
display = getenv("DISPLAY");
data/ncrack-0.7+debian/opensshlib/ssh.c:1779:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
display = getenv("DISPLAY");
data/ncrack-0.7+debian/opensshlib/ssh.c:1809:54: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
data/ncrack-0.7+debian/opensshlib/sshconnect.c:138:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shell = getenv("SHELL")) == NULL)
data/ncrack-0.7+debian/opensshlib/sshconnect.c:216:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
data/ncrack-0.7+debian/opensshlib/sshconnect.c:1492:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
data/ncrack-0.7+debian/Buf.cc:205:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, data, len);
data/ncrack-0.7+debian/Buf.cc:296:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, buf + offset, len);
data/ncrack-0.7+debian/NcrackOutputTable.cc:211:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cell->str, item, itemlen);
data/ncrack-0.7+debian/NcrackOutputTable.cc:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ncrack-0.7+debian/NcrackOutputTable.cc:299:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tableout + p, cell->str, cell->strlength);
data/ncrack-0.7+debian/NcrackOutputTable.cc:311:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tableout + p, cell->str, cell->strlength);
data/ncrack-0.7+debian/Target.cc:213:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ss, &targetsock, targetsocklen);
data/ncrack-0.7+debian/Target.cc:229:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&targetsock, ss, ss_len);
data/ncrack-0.7+debian/Target.h:210:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targetipstring[INET6_ADDRSTRLEN];
data/ncrack-0.7+debian/TargetGroup.cc:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *addy[5];
data/ncrack-0.7+debian/TargetGroup.cc:236:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
netmask = ( s ) ? atoi(s) : 32;
data/ncrack-0.7+debian/TargetGroup.cc:252:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(startaddr), target->h_addr_list[0], sizeof(struct in_addr));
data/ncrack-0.7+debian/TargetGroup.cc:316:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end = atoi(addy[i]+ 1);
data/ncrack-0.7+debian/TargetGroup.cc:318:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start = end = atoi(addy[i]);
data/ncrack-0.7+debian/TargetGroup.cc:320:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end = atoi(r + 1);
data/ncrack-0.7+debian/TargetGroup.cc:366:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip6, sin6, sizeof(struct sockaddr_in6));
data/ncrack-0.7+debian/TargetGroup.cc:512:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sin6->sin6_addr.s6_addr, ip6.sin6_addr.s6_addr, 16);
data/ncrack-0.7+debian/crypto.cc:184:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
lm_create_hash(const char *password, uint8_t result[16])
data/ncrack-0.7+debian/crypto.cc:210:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 0, hash1, 8);
data/ncrack-0.7+debian/crypto.cc:211:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 8, hash2, 8);
data/ncrack-0.7+debian/crypto.cc:252:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 0, hash1, 8);
data/ncrack-0.7+debian/crypto.cc:253:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 8, hash2, 8);
data/ncrack-0.7+debian/crypto.cc:254:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 16, hash3, 8);
data/ncrack-0.7+debian/crypto.cc:263:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ntlm_create_hash(const char *password, uint8_t result[16])
data/ncrack-0.7+debian/crypto.cc:297:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ntlmv2_create_hash(const uint8_t ntlm[16], const char *username,
data/ncrack-0.7+debian/crypto.cc:298:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *domain, uint8_t hash[16])
data/ncrack-0.7+debian/crypto.cc:314:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(combined, username, username_length);
data/ncrack-0.7+debian/crypto.cc:315:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(combined + username_length, domain, domain_length);
data/ncrack-0.7+debian/crypto.cc:341:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
lmv2_create_response(const uint8_t ntlm[16], const char *username,
data/ncrack-0.7+debian/crypto.cc:342:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *domain, const uint8_t challenge[8], uint8_t *result,
data/ncrack-0.7+debian/crypto.cc:356:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ntlmv2_create_response(const uint8_t ntlm[16], const char *username,
data/ncrack-0.7+debian/crypto.cc:357:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *domain, const uint8_t challenge[8], uint8_t *result,
data/ncrack-0.7+debian/crypto.cc:380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(blob, blip, 8);
data/ncrack-0.7+debian/crypto.cc:393:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, challenge, 8);
data/ncrack-0.7+debian/crypto.cc:395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 8, blob, blob_length);
data/ncrack-0.7+debian/crypto.cc:404:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 16, blob, blob_length);
data/ncrack-0.7+debian/crypto.cc:426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(input_temp, input, length);
data/ncrack-0.7+debian/crypto.cc:553:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pc1[56] = {
data/ncrack-0.7+debian/crypto.cc:559:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char totrot[16] = {
data/ncrack-0.7+debian/crypto.cc:562:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pc2[48] = {
data/ncrack-0.7+debian/crypto.cc:577:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pc1m[56], pcr[56];
data/ncrack-0.7+debian/crypto.h:144:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void lm_create_hash(const char *password, uint8_t result[16]);
data/ncrack-0.7+debian/crypto.h:160:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ntlm_create_hash(const char *password, uint8_t result[16]);
data/ncrack-0.7+debian/crypto.h:179:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void lmv2_create_response(const uint8_t ntlm[16], const char *username,
data/ncrack-0.7+debian/crypto.h:180:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *domain, const uint8_t challenge[8], uint8_t *result,
data/ncrack-0.7+debian/crypto.h:189:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ntlmv2_create_hash(const uint8_t ntlm[16], const char *username,
data/ncrack-0.7+debian/crypto.h:190:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *domain, uint8_t hash[16]);
data/ncrack-0.7+debian/crypto.h:198:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ntlmv2_create_response(const uint8_t ntlm[16], const char *username,
data/ncrack-0.7+debian/crypto.h:199:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *domain, const uint8_t challenge[8], uint8_t *result,
data/ncrack-0.7+debian/http.cc:865:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header + n, p, count);
data/ncrack-0.7+debian/http_digest.cc:159:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char secret[SECRET_LENGTH];
data/ncrack-0.7+debian/http_digest.cc:211:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hashbuf[MD5_DIGEST_LENGTH];
data/ncrack-0.7+debian/http_digest.cc:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash_hex[MD5_DIGEST_LENGTH * 2 + 1];
data/ncrack-0.7+debian/http_digest.cc:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_buf[32];
data/ncrack-0.7+debian/http_digest.cc:237:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void make_response(char buf[MD5_DIGEST_LENGTH * 2 + 1],
data/ncrack-0.7+debian/http_digest.cc:242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HA1_hex[MD5_DIGEST_LENGTH * 2 + 1], HA2_hex[MD5_DIGEST_LENGTH * 2 + 1];
data/ncrack-0.7+debian/http_digest.cc:243:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hashbuf[MD5_DIGEST_LENGTH];
data/ncrack-0.7+debian/http_digest.cc:332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response_hex[MD5_DIGEST_LENGTH * 2 + 1];
data/ncrack-0.7+debian/http_digest.cc:333:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cnonce[CNONCE_LENGTH];
data/ncrack-0.7+debian/http_digest.cc:334:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cnonce_buf[CNONCE_LENGTH * 2 + 1];
data/ncrack-0.7+debian/http_digest.cc:335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nc_buf[8 + 1];
data/ncrack-0.7+debian/http_digest.cc:397:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response_hex[MD5_DIGEST_LENGTH * 2 + 1];
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:250:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char * )&data.Struct.map.string1[0], "username", 8);
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:264:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char * )&data.Struct.map.string3[0], "password", 8);
data/ncrack-0.7+debian/modules/ncrack_cvs.cc:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encoded_pass[512];
data/ncrack-0.7+debian/modules/ncrack_dicom.cc:389:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(da.assoc.called_ae, con->user, strlen(con->user));
data/ncrack-0.7+debian/modules/ncrack_dicom.cc:390:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(da.assoc.calling_ae, con->pass, strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_ftp.cc:156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftp_code[FTP_DIGITS + 2]; /* 3 digits + space + '\0' */
data/ncrack-0.7+debian/modules/ncrack_ftp.cc:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dig[2]; /* temporary digit string */
data/ncrack-0.7+debian/modules/ncrack_ftp.cc:221:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ftp_code_ret, ftp_code, FTP_DIGITS);
data/ncrack-0.7+debian/modules/ncrack_ftp.cc:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftp_code[FTP_DIGITS + 1];
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:273:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:461:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hashbuf[MD5_DIGEST_LENGTH];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:462:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HA1_hex[MD5_DIGEST_LENGTH * 2 + 1];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:463:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MD5_DIGEST_LENGTH * 2 + 1];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:556:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp_buf[4];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:564:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
nonce = (char *)safe_malloc(((int) tmp_buf[0] + 1));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:726:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp_buf[4];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:727:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char conversationId[4];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:731:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hashbuf[MD5_DIGEST_LENGTH];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:732:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hashbuf2[SHA_DIGEST_LENGTH];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:733:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HA1_hex[MD5_DIGEST_LENGTH * 2 + 1];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:912:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tmp = (char *)safe_malloc((int) tmp_buf[0]);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:913:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tmp_buffer = (char *)safe_malloc((int) tmp_buf[0]);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1001:64: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(unsigned char*) decoded_salt, strlen(decoded_salt), atoi(iterations),
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1007:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char client_key[20];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1036:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char client_sig[20];
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1044:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_proof[SHA_DIGEST_LENGTH];
data/ncrack-0.7+debian/modules/ncrack_mqtt.cc:164:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(protocol, "MQTT", 4);
data/ncrack-0.7+debian/modules/ncrack_mqtt.cc:169:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(client_id, "Ncrack", 6);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:485:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + pklen, hostname, 30);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:487:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + pklen + 30, "\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:489:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + pklen + 30 + 1 , username, 30);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:491:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + pklen + 30 + 1 + 30, &len_login, 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:492:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + pklen + 30 + 1 + 30 + 1, password, 30);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:493:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + pklen + 30 + 1 + 30 + 1 + 30, &len_pass, 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:495:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 101, host_process, 30);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:496:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 101 + 30, "\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:497:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 101 + 30 + 1, magic1, 6);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:498:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 101 + 30 + 1 + 6, "\x01", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:499:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 101 + 30 + 1 + 6 + 1, magic2, 9);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:500:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 101 + 30 + 1 + 6 + 1 + 9, app_name, 30);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:501:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 101 + 30 + 1 + 6 + 1 + 9 + 30, "\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:503:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 179, server_name, 30);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:504:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 179 + 30,"\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:505:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 179 + 30 + 1,"\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:506:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 179 + 30 + 1 + 1, &len_pass, 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:507:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 179 + 30 + 1 + 1 + 1, password, 30);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:508:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 179 + 30 + 1 + 1 + 1 + 30, magic4, 223);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:509:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 179 + 30 + 1 + 1 + 1 + 30 + 223, &len_pass + 2, 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:511:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 466, tds_major_v, 2);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:512:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 466 + 2, tds_minor_v, 2);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:513:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 466 + 2 + 2, library_name, 10);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:514:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 466 + 2 + 2 + 10,"\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:515:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 466 + 2 + 2 + 10 + 1, program_major_v, 2);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:516:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 466 + 2 + 2 + 10 + 1 + 2, program_minor_v, 2);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:517:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 466 + 2 + 2 + 10 + 1 + 2 + 2, magic5, 3);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:518:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 466 + 2 + 2 + 10 + 1 + 2 + 2 + 3, language, 30);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:519:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 466 + 2 + 2 + 10 + 1 + 2 + 2 + 3 + 30,"\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:520:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 466 + 2 + 2 + 10 + 1 + 2 + 2 + 3 + 30 + 1,"\x01", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:522:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 520, old_secure, 2);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:523:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 520 + 2, "\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:524:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 520 + 2 + 1, "\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:525:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 520 + 2 + 1 + 1, sec_spare, 9);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:526:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 520 + 2 + 1 + 1 + 9, character_set, 30);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:527:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 520 + 2 + 1 + 1 + 9 + 30, "\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:528:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 520 + 2 + 1 + 1 + 9 + 30 + 1, "\x01", 1);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:529:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 520 + 2 + 1 + 1 + 9 + 30 + 1 + 1, block_size, 6);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:530:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 520 + 2 + 1 + 1 + 9 + 30 + 1 + 1 + 6, "\x00", 1);
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mysql_salt[MYSQL_SALT + 1];
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dig[5]; /* temporary digit string */
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_authentication_method[21 + 1];
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:243:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mysql_salt_ret, mysql_salt, strlen(mysql_salt));
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:257:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mysql_auth_method, server_authentication_method, strlen(server_authentication_method));
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:284:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mysql_auth_method, server_authentication_method, strlen(server_authentication_method));
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:292:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mysql_salt_ret, mysql_salt, strlen(mysql_salt));
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:346:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mysql_auth_method[21 + 1];
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mysql_salt[MYSQL_SALT + 1];
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:349:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response_hex[SHA_DIGEST_LENGTH];
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:375:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)con->outbuf->get_dataptr() + packet_length + 4 , response_hex, sizeof response_hex);
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:443:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)con->outbuf->get_dataptr() + 4 , response_hex, sizeof response_hex);
data/ncrack-0.7+debian/modules/ncrack_owa.cc:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/ncrack-0.7+debian/modules/ncrack_psql.cc:168:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void make_response(char buf[MD5_DIGEST_LENGTH * 2 + 3],
data/ncrack-0.7+debian/modules/ncrack_psql.cc:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HA1_hex[MD5_DIGEST_LENGTH * 2 + 1];
data/ncrack-0.7+debian/modules/ncrack_psql.cc:172:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hashbuf[MD5_DIGEST_LENGTH];
data/ncrack-0.7+debian/modules/ncrack_psql.cc:173:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char finalhash[MD5_DIGEST_LENGTH * 2 + 3 + 1];
data/ncrack-0.7+debian/modules/ncrack_psql.cc:191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(finalhash,"md5", sizeof("md5"));
data/ncrack-0.7+debian/modules/ncrack_psql.cc:194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, finalhash, MD5_DIGEST_LENGTH * 2 + 3);
data/ncrack-0.7+debian/modules/ncrack_psql.cc:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psql_code[PSQL_DIGITS + 1]; /* 1 char + '\0' */
data/ncrack-0.7+debian/modules/ncrack_psql.cc:204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psql_salt[PSQL_SALT + 1]; /* 4 + '\0' */
data/ncrack-0.7+debian/modules/ncrack_psql.cc:205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dig[PSQL_PACKET_LENGTH + 1]; /* temporary digit string */
data/ncrack-0.7+debian/modules/ncrack_psql.cc:222:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psql_code_ret, psql_code, PSQL_DIGITS);
data/ncrack-0.7+debian/modules/ncrack_psql.cc:259:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psql_salt_ret, psql_salt, PSQL_SALT);
data/ncrack-0.7+debian/modules/ncrack_psql.cc:290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psql_code[PSQL_DIGITS + 1];
data/ncrack-0.7+debian/modules/ncrack_psql.cc:291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psql_salt[PSQL_SALT + 1];
data/ncrack-0.7+debian/modules/ncrack_psql.cc:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response_hex[MD5_DIGEST_LENGTH *2 + 3];
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:593:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(source, RDP_SOURCE, sizeof(RDP_SOURCE));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(caps, caps_0x0d_array, sizeof(caps_0x0d_array));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1166:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(caps, caps_0x0c_array, sizeof(caps_0x0c_array));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1182:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(caps, caps_0x0e_array, sizeof(caps_0x0e_array));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1205:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(caps, caps_0x10_array, sizeof(caps_0x10_array));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1475:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8]; /* null-terminated array of ANSI chars for channel id */
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1898:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[64];
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1960:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[64];
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:2111:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ccd.client_name, hostname, sizeof(hostname));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:2362:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text, p, length);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:3500:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->assembled[code]->p, p, length);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:3820:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[64];
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:3873:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[64];
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:3953:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[64];
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4001:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[128];
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4116:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(exp, p, 4);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4118:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mod, p, mod_len);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4151:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(premaster_secret, client_random, 24);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4152:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(premaster_secret + 24, server_random, 24);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4159:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->sign_key, key, 16);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->encrypt_update_key, info->encrypt_key, 16);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4174:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->decrypt_update_key, info->decrypt_key, 16);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[64];
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4419:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char domain[16];
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4420:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shell[256];
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workingdir[256];
data/ncrack-0.7+debian/modules/ncrack_sip.cc:180:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localport_s[6];
data/ncrack-0.7+debian/modules/ncrack_sip.cc:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cseq_s[6];
data/ncrack-0.7+debian/modules/ncrack_sip.cc:396:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[NI_MAXHOST];
data/ncrack-0.7+debian/modules/ncrack_sip.cc:425:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, host, strlen(host));
data/ncrack-0.7+debian/modules/ncrack_smb.cc:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&netbios_length, ioptr, sizeof(uint32_t));
data/ncrack-0.7+debian/modules/ncrack_smb.cc:409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&header.protocol[1], "SMB", 3);
data/ncrack-0.7+debian/modules/ncrack_smb.cc:459:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &nbt_len, sizeof(uint32_t));
data/ncrack-0.7+debian/modules/ncrack_smb.cc:547:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->server_challenge, ptr, 8);
data/ncrack-0.7+debian/modules/ncrack_smb.cc:616:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &byte_count, sizeof(byte_count));
data/ncrack-0.7+debian/modules/ncrack_smb2.cc:195:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&netbios_length, ioptr, sizeof(uint32_t));
data/ncrack-0.7+debian/modules/ncrack_smb2.cc:224:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &nbt_len, sizeof(uint32_t));
data/ncrack-0.7+debian/modules/ncrack_telnet.cc:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[BUFSIZE]; /* local buffer */
data/ncrack-0.7+debian/modules/ncrack_telnet.cc:222:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localbufptr, WILL_LINEMODE, sizeof(WILL_LINEMODE));
data/ncrack-0.7+debian/modules/ncrack_telnet.cc:254:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localbufptr, WILL_LINEMODE, sizeof(WILL_LINEMODE));
data/ncrack-0.7+debian/modules/ncrack_telnet.cc:282:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localbufptr, WILL_LINEMODE, sizeof(WILL_LINEMODE));
data/ncrack-0.7+debian/modules/ncrack_vnc.cc:165:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[8];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:489:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp_challenge[8];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:490:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp_buf[4];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:688:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type2_marker_check[4];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:785:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_info, &tmp3[targetinfo_offset], targetinfo_length);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:827:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lmbuffer[0x18];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:828:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lmresp[24]; /* fixed-size */
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:841:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pw_upper[14];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:941:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ntbuffer[0x18];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:942:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ntresp[24]; /* fixed-size */
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:994:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entropy[8];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:995:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ntlmv2hash[0x18];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:996:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmphash[0x18];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1136:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp3, tmp_challenge, 8);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1137:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp3 + 16 + 8, entropy, 8);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1138:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp3 + 28 + 8, target_info, targetinfo_length);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1152:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, tmphash, 16);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1153:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 16, tmp3 + 8, tmplen3 - 8);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1168:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chall_nonce [16];
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1178:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lmresp[16], entropy, sizeof(entropy));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1291:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp2[ntrespoff], ptr_ntresp, ntresplen);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1293:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp2[lmrespoff], lmresp, 0x18);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1294:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp2[domoff], domain_unicode, domainlen);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1295:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp2[useroff], user_unicode, userlen);
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/ncrack-0.7+debian/nbase/getaddrinfo.c:158:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char customerr[64];
data/ncrack-0.7+debian/nbase/getaddrinfo.c:225:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
portno = htons(atoi(service));
data/ncrack-0.7+debian/nbase/inet_ntop.c:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp;
data/ncrack-0.7+debian/nbase/inet_pton.c:117:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[INADDRSZ], *tp;
data/ncrack-0.7+debian/nbase/inet_pton.c:147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, INADDRSZ);
data/ncrack-0.7+debian/nbase/inet_pton.c:170:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
data/ncrack-0.7+debian/nbase/inet_pton.c:244:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, IN6ADDRSZ);
data/ncrack-0.7+debian/nbase/nbase.h:357:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/ncrack-0.7+debian/nbase/nbase_addrset.c:338:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_string[128];
data/ncrack-0.7+debian/nbase/nbase_addrset.c:407:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/nbase/nbase_misc.c:180:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[128];
data/ncrack-0.7+debian/nbase/nbase_misc.c:236:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[INET6_ADDRSTRLEN];
data/ncrack-0.7+debian/nbase/nbase_misc.c:335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padded[sizeof(int)];
data/ncrack-0.7+debian/nbase/nbase_misc.c:704:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char asciify[257]; /* Stores character table */
data/ncrack-0.7+debian/nbase/nbase_misc.c:711:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line2print[LINE_LEN]; /* Stores current line */
data/ncrack-0.7+debian/nbase/nbase_misc.c:712:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printbyte[16]; /* For byte conversion */
data/ncrack-0.7+debian/nbase/nbase_misc.c:756:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_line, line2print, LINE_LEN);
data/ncrack-0.7+debian/nbase/nbase_misc.c:841:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/nbase/nbase_misc.c:850:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, buf, n);
data/ncrack-0.7+debian/nbase/nbase_misc.c:861:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/nbase/nbase_misc.c:874:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/nbase/nbase_rnd.c:225:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/urandom", O_RDONLY)) != -1 ||
data/ncrack-0.7+debian/nbase/nbase_rnd.c:226:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open("/dev/arandom", O_RDONLY)) != -1) {
data/ncrack-0.7+debian/nbase/nbase_str.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/ncrack-0.7+debian/nbase/nbase_str.c:219:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, start, end - start);
data/ncrack-0.7+debian/nbase/nbase_winunix.c:177:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/ncrack-0.7+debian/nbase/test/test-escape_windows_command_arg.c:45:12: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
size = MultiByteToWideChar(CP_UTF8, 0, s, -1, NULL, 0);
data/ncrack-0.7+debian/nbase/test/test-escape_windows_command_arg.c:51:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
ret = MultiByteToWideChar(CP_UTF8, 0, s, -1, result, size);
data/ncrack-0.7+debian/ncrack.cc:322:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/ncrack-0.7+debian/ncrack.cc:323:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char servicename[128], proto[16];
data/ncrack-0.7+debian/ncrack.cc:337:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/ncrack-0.7+debian/ncrack.cc:435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dot_buffer[512];
data/ncrack-0.7+debian/ncrack.cc:495:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnbuf[MAX_PATH];
data/ncrack-0.7+debian/ncrack.cc:627:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char host_spec[1024];
data/ncrack-0.7+debian/ncrack.cc:708:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/ncrack-0.7+debian/ncrack.cc:716:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(filename, "r");
data/ncrack-0.7+debian/ncrack.cc:860:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char services_file[256]; /* path name for "ncrack-services" file */
data/ncrack-0.7+debian/ncrack.cc:861:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username_file[256];
data/ncrack-0.7+debian/ncrack.cc:862:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_file[256];
data/ncrack-0.7+debian/ncrack.cc:891:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[128];
data/ncrack-0.7+debian/ncrack.cc:892:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mytime[128];
data/ncrack-0.7+debian/ncrack.cc:970:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
excludefd = fopen(optarg, "r");
data/ncrack-0.7+debian/ncrack.cc:985:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o.connection_limit = atoi(optarg);
data/ncrack-0.7+debian/ncrack.cc:996:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lvl = atoi(optarg);
data/ncrack-0.7+debian/ncrack.cc:1024:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inputfd = fopen(strdup(optarg), "r");
data/ncrack-0.7+debian/ncrack.cc:1031:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inputfd = fopen(strdup(optarg), "r");
data/ncrack-0.7+debian/ncrack.cc:1037:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inputfd = fopen(strdup(optarg), "r");
data/ncrack-0.7+debian/ncrack.cc:1045:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/ncrack-0.7+debian/ncrack.cc:1086:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o.debugging = o.verbose = atoi(optarg);
data/ncrack-0.7+debian/ncrack.cc:1101:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o.finish = atoi(optarg);
data/ncrack-0.7+debian/ncrack.cc:1193:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o.verbose = atoi(optarg);
data/ncrack-0.7+debian/ncrack_input.cc:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ncrack-0.7+debian/ncrack_input.cc:152:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ip[16];
data/ncrack-0.7+debian/ncrack_input.cc:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portnum[7];
data/ncrack-0.7+debian/ncrack_input.cc:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service_name[64];
data/ncrack-0.7+debian/ncrack_input.cc:155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpe[4];
data/ncrack-0.7+debian/ncrack_input.cc:404:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ncrack-0.7+debian/ncrack_input.cc:405:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ip[16];
data/ncrack-0.7+debian/ncrack_input.cc:406:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portnum[7];
data/ncrack-0.7+debian/ncrack_input.cc:407:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service_name[64];
data/ncrack-0.7+debian/ncrack_input.cc:410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/ncrack-0.7+debian/ncrack_resume.cc:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mycommand[4096];
data/ncrack-0.7+debian/ncrack_resume.cc:234:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/ncrack-0.7+debian/ncrack_resume.cc:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXPATHLEN];
data/ncrack-0.7+debian/ncrack_resume.cc:310:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(outfile = fopen(filename, "w")))
data/ncrack-0.7+debian/ncrack_resume.cc:439:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ncrack_arg_buffer[1024];
data/ncrack-0.7+debian/ncrack_resume.cc:440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/ncrack_resume.cc:480:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ncrack_arg_buffer + 7, p, q - p);
data/ncrack-0.7+debian/ncrack_resume.cc:507:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_info.user_index, q, sizeof(uint32_t));
data/ncrack-0.7+debian/ncrack_resume.cc:513:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_info.pass_index, q, sizeof(uint32_t));
data/ncrack-0.7+debian/ncrack_resume.cc:518:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cred_num, q, sizeof(uint32_t));
data/ncrack-0.7+debian/ncrack_tty.cc:248:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tty_fd = open("/dev/tty", O_RDONLY | O_NONBLOCK)) < 0) return;
data/ncrack-0.7+debian/nsock/examples/nsock_telnet.c:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ip, h->h_addr_list[0], sizeof(struct in_addr));
data/ncrack-0.7+debian/nsock/examples/nsock_telnet.c:228:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
portno = atoi(argv[optind]);
data/ncrack-0.7+debian/nsock/src/engine_iocp.c:748:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, eov->wsabuf.buf, dwRes);
data/ncrack-0.7+debian/nsock/src/filespace.c:103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpstr, fs->str, fs->current_size);
data/ncrack-0.7+debian/nsock/src/filespace.c:112:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fs->str + fs->current_size, str, len);
data/ncrack-0.7+debian/nsock/src/netutils.c:170:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[PEER_STR_LEN];
data/ncrack-0.7+debian/nsock/src/nsock_connect.c:209:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&iod->px_ctx->target_ss, ss, sslen);
data/ncrack-0.7+debian/nsock/src/nsock_connect.c:253:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&iod->peer, ss, sslen);
data/ncrack-0.7+debian/nsock/src/nsock_connect.c:565:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(remote, &(nsi->peer), MIN((unsigned)socklen, nsi->peerlen));
data/ncrack-0.7+debian/nsock/src/nsock_connect.c:581:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local, &ss, MIN((unsigned)slen, socklen));
data/ncrack-0.7+debian/nsock/src/nsock_core.c:599:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[READ_BUFFER_SZ];
data/ncrack-0.7+debian/nsock/src/nsock_core.c:637:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&iod->peer, &peer, peerlen);
data/ncrack-0.7+debian/nsock/src/nsock_core.c:1332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displaystr[256];
data/ncrack-0.7+debian/nsock/src/nsock_core.c:1333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr[256];
data/ncrack-0.7+debian/nsock/src/nsock_core.c:1363:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(displaystr, ": ", 2);
data/ncrack-0.7+debian/nsock/src/nsock_core.c:1364:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(displaystr + 2, str, strlength);
data/ncrack-0.7+debian/nsock/src/nsock_iod.c:395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nsi->local, ss, sslen);
data/ncrack-0.7+debian/nsock/src/nsock_iod.c:412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nsi->ipopts, opts, optslen);
data/ncrack-0.7+debian/nsock/src/nsock_pcap.c:225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/ncrack-0.7+debian/nsock/src/nsock_pcap.c:226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bpf[4096];
data/ncrack-0.7+debian/nsock/src/nsock_pcap.c:402:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&npp.ts, nsock_gettimeofday(), sizeof(struct timeval));
data/ncrack-0.7+debian/nsock/src/nsock_ssl.c:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rndbuf[128];
data/ncrack-0.7+debian/nsock/src/nsock_write.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displaystr[256];
data/ncrack-0.7+debian/nsock/src/nsock_write.c:97:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nse->writeinfo.dest, saddr, sslen);
data/ncrack-0.7+debian/nsock/src/nsock_write.c:101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nse->iod->peer, saddr, sslen);
data/ncrack-0.7+debian/nsock/src/nsock_write.c:108:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(displaystr, ": ", 2);
data/ncrack-0.7+debian/nsock/src/nsock_write.c:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(displaystr + 2, data, datalen);
data/ncrack-0.7+debian/nsock/src/nsock_write.c:135:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displaystr[256];
data/ncrack-0.7+debian/nsock/src/nsock_write.c:146:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(displaystr, ": ", 2);
data/ncrack-0.7+debian/nsock/src/nsock_write.c:147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(displaystr + 2, data, datalen);
data/ncrack-0.7+debian/nsock/src/nsock_write.c:171:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ncrack-0.7+debian/nsock/src/nsock_write.c:175:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displaystr[256];
data/ncrack-0.7+debian/nsock/src/nsock_write.c:217:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(displaystr, ": ", 2);
data/ncrack-0.7+debian/nsock/src/nsock_write.c:218:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(displaystr + 2, buf2, strlength);
data/ncrack-0.7+debian/ntlmssp.cc:266:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_data->buf, tmp, auth_data->len);
data/ncrack-0.7+debian/ntlmssp.cc:270:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_data->buf + auth_data->len, buffer, size);
data/ncrack-0.7+debian/ntlmssp.cc:279:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ntlm[32];
data/ncrack-0.7+debian/ntlmssp.cc:283:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ntlm, "NTLMSSP", 8);
data/ncrack-0.7+debian/ntlmssp.cc:286:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ntlm[8], &u32, 4);
data/ncrack-0.7+debian/ntlmssp.cc:295:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ntlm[12], &u32, 4);
data/ncrack-0.7+debian/ntlmssp.cc:314:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_data->ntlm_buf, buf, auth_data->ntlm_len);
data/ncrack-0.7+debian/ntlmssp.cc:320:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NTOWFv2(const char *user, const char *password, const char *domain,
data/ncrack-0.7+debian/ntlmssp.cc:320:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NTOWFv2(const char *user, const char *password, const char *domain,
data/ncrack-0.7+debian/ntlmssp.cc:320:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NTOWFv2(const char *user, const char *password, const char *domain,
data/ncrack-0.7+debian/ntlmssp.cc:321:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ntlmv2_hash[16])
data/ncrack-0.7+debian/ntlmssp.cc:326:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ntlm_hash[16];
data/ncrack-0.7+debian/ntlmssp.cc:372:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sign[8] = {0x01, 0x01, 0x00, 0x00,
data/ncrack-0.7+debian/ntlmssp.cc:374:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zero[8] = {0x00, 0x00, 0x00, 0x00,
data/ncrack-0.7+debian/ntlmssp.cc:410:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lm_buf[16];
data/ncrack-0.7+debian/ntlmssp.cc:412:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ResponseKeyNT[16];
data/ncrack-0.7+debian/ntlmssp.cc:420:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char NTProofStr[16];
data/ncrack-0.7+debian/ntlmssp.cc:421:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char LMStr[16];
data/ncrack-0.7+debian/ntlmssp.cc:428:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key_exch[SMB2_KEY_SIZE];
data/ncrack-0.7+debian/ntlmssp.cc:450:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&server_neg_flags, &auth_data->ntlm_buf[20], 4);
data/ncrack-0.7+debian/ntlmssp.cc:453:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u32, &auth_data->ntlm_buf[40], 4);
data/ncrack-0.7+debian/ntlmssp.cc:457:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u32, &auth_data->ntlm_buf[44], 4);
data/ncrack-0.7+debian/ntlmssp.cc:468:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_data->buf, NTProofStr, 16);
data/ncrack-0.7+debian/ntlmssp.cc:480:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_data->exported_session_key, key_exch, 16);
data/ncrack-0.7+debian/ntlmssp.cc:492:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lm_buf[0], server_challenge, 8);
data/ncrack-0.7+debian/ntlmssp.cc:493:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lm_buf[8], auth_data->client_challenge, 8);
data/ncrack-0.7+debian/ntlmssp.cc:572:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auth_data->buf[32], &u32, 4);
data/ncrack-0.7+debian/ntlmssp.cc:579:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auth_data->buf[40], &u32, 4);
data/ncrack-0.7+debian/ntlmssp.cc:584:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auth_data->buf[48], &u32, 4);
data/ncrack-0.7+debian/ntlmssp.cc:591:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auth_data->buf[16], &u32, 4);
data/ncrack-0.7+debian/ntlmssp.cc:597:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auth_data->buf[24], &u32, 4);
data/ncrack-0.7+debian/ntlmssp.cc:654:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mkey, auth->exported_session_key, SMB2_KEY_SIZE);
data/ncrack-0.7+debian/opensshlib/addrmatch.c:161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, a, sizeof(*dst));
data/ncrack-0.7+debian/opensshlib/addrmatch.c:321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[64], *mp, *cp;
data/ncrack-0.7+debian/opensshlib/addrmatch.c:346:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n, &tmp, sizeof(*n));
data/ncrack-0.7+debian/opensshlib/arc4random.c:92:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
data/ncrack-0.7+debian/opensshlib/arc4random.c:179:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, rs_buf + RSBUFSZ - rs_have, m);
data/ncrack-0.7+debian/opensshlib/arc4random.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val));
data/ncrack-0.7+debian/opensshlib/bcrypt_pbkdf.c:136:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(countsalt, salt, saltlen);
data/ncrack-0.7+debian/opensshlib/bsd-cygwin_util.h:62:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open binary_open
data/ncrack-0.7+debian/opensshlib/bsd-misc.c:129:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY);
data/ncrack-0.7+debian/opensshlib/bsd-misc.c:261:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return(memcpy(cp, str, len));
data/ncrack-0.7+debian/opensshlib/bsd-snprintf.c:560:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convert[20];
data/ncrack-0.7+debian/opensshlib/bsd-snprintf.c:720:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconvert[311];
data/ncrack-0.7+debian/opensshlib/bsd-snprintf.c:721:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fconvert[311];
data/ncrack-0.7+debian/opensshlib/chacha.c:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char sigma[16] = "expand 32-byte k";
data/ncrack-0.7+debian/opensshlib/chacha.c:53:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char tau[16] = "expand 16-byte k";
data/ncrack-0.7+debian/opensshlib/chacha_private.h:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char sigma[16] = "expand 32-byte k";
data/ncrack-0.7+debian/opensshlib/chacha_private.h:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char tau[16] = "expand 16-byte k";
data/ncrack-0.7+debian/opensshlib/cipher-3des1.c:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EVP_CIPHER_CTX_iv_noconst(c->k1), iv, 8);
data/ncrack-0.7+debian/opensshlib/cipher-3des1.c:134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EVP_CIPHER_CTX_iv_noconst(c->k2), iv + 8, 8);
data/ncrack-0.7+debian/opensshlib/cipher-3des1.c:135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EVP_CIPHER_CTX_iv_noconst(c->k3), iv + 16, 8);
data/ncrack-0.7+debian/opensshlib/cipher-3des1.c:137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, EVP_CIPHER_CTX_iv(c->k1), 8);
data/ncrack-0.7+debian/opensshlib/cipher-3des1.c:138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv + 8, EVP_CIPHER_CTX_iv(c->k2), 8);
data/ncrack-0.7+debian/opensshlib/cipher-3des1.c:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv + 16, EVP_CIPHER_CTX_iv(c->k3), 8);
data/ncrack-0.7+debian/opensshlib/cipher-aes.c:66:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
data/ncrack-0.7+debian/opensshlib/cipher-aes.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->r_iv, cprev, RIJNDAEL_BLOCKSIZE);
data/ncrack-0.7+debian/opensshlib/cipher-aes.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, cnow, RIJNDAEL_BLOCKSIZE);
data/ncrack-0.7+debian/opensshlib/cipher-aes.c:111:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->r_iv, buf, RIJNDAEL_BLOCKSIZE);
data/ncrack-0.7+debian/opensshlib/cipher-aes.c:137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->r_iv, iv, len);
data/ncrack-0.7+debian/opensshlib/cipher-aes.c:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, c->r_iv, len);
data/ncrack-0.7+debian/opensshlib/cipher-aesctr.c:65:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->ctr, iv, AES_BLOCK_SIZE);
data/ncrack-0.7+debian/opensshlib/cipher-bf1.c:65:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ctx->oiv[0]), iv, 8);
data/ncrack-0.7+debian/opensshlib/cipher-bf1.c:66:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8);
data/ncrack-0.7+debian/opensshlib/cipher-ctr.c:100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
data/ncrack-0.7+debian/opensshlib/cipher-ctr.c:125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->aes_counter, iv, len);
data/ncrack-0.7+debian/opensshlib/cipher-ctr.c:127:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, c->aes_counter, len);
data/ncrack-0.7+debian/opensshlib/cipher.c:145:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + rlen, c->name, nlen + 1);
data/ncrack-0.7+debian/opensshlib/cipher.c:401:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, aadlen);
data/ncrack-0.7+debian/opensshlib/cipher.c:407:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, aadlen + len);
data/ncrack-0.7+debian/opensshlib/cipher.c:431:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, aadlen);
data/ncrack-0.7+debian/opensshlib/cipher.c:543:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, cc->ac_ctx.ctr, len);
data/ncrack-0.7+debian/opensshlib/cipher.c:571:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len);
data/ncrack-0.7+debian/opensshlib/cipher.c:614:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EVP_CIPHER_CTX_iv_noconst(cc->evp), iv, evplen);
data/ncrack-0.7+debian/opensshlib/cipher.c:644:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dat, EVP_X_STATE(cc->evp), plen);
data/ncrack-0.7+debian/opensshlib/cipher.c:661:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EVP_X_STATE(cc->evp), dat, plen);
data/ncrack-0.7+debian/opensshlib/compat.c:234:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(p)) {
data/ncrack-0.7+debian/opensshlib/defines.h:363:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sun_path[108]; /* path name (gag) */
data/ncrack-0.7+debian/opensshlib/defines.h:625:29: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memmove(s1, s2, n) bcopy((s2), (s1), (n))
data/ncrack-0.7+debian/opensshlib/defines.h:690:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int mkstemp (char *);
data/ncrack-0.7+debian/opensshlib/dh.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[4096];
data/ncrack-0.7+debian/opensshlib/dh.c:156:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
data/ncrack-0.7+debian/opensshlib/dh.c:157:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
data/ncrack-0.7+debian/opensshlib/digest-libc.c:183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to->mdctx, from->mdctx, digest->ctx_len);
data/ncrack-0.7+debian/opensshlib/ed25519.c:33:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extsk[64];
data/ncrack-0.7+debian/opensshlib/ed25519.c:59:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[32];
data/ncrack-0.7+debian/opensshlib/ed25519.c:60:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/ncrack-0.7+debian/opensshlib/ed25519.c:61:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extsk[64];
data/ncrack-0.7+debian/opensshlib/ed25519.c:63:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hmg[crypto_hash_sha512_BYTES];
data/ncrack-0.7+debian/opensshlib/ed25519.c:64:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hram[crypto_hash_sha512_BYTES];
data/ncrack-0.7+debian/opensshlib/ed25519.c:111:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t2[32];
data/ncrack-0.7+debian/opensshlib/ed25519.c:114:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hram[crypto_hash_sha512_BYTES];
data/ncrack-0.7+debian/opensshlib/fake-rfc2553.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __ss_pad2[_SS_PADSIZE];
data/ncrack-0.7+debian/opensshlib/fe25519.c:100:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_unpack(fe25519 *r, const unsigned char x[32])
data/ncrack-0.7+debian/opensshlib/fe25519.c:108:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_pack(unsigned char r[32], const fe25519 *x)
data/ncrack-0.7+debian/opensshlib/fe25519.h:40:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
data/ncrack-0.7+debian/opensshlib/fe25519.h:42:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_pack(unsigned char r[32], const fe25519 *x);
data/ncrack-0.7+debian/opensshlib/ge25519.c:196:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32])
data/ncrack-0.7+debian/opensshlib/ge25519.c:243:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ge25519_pack(unsigned char r[32], const ge25519_p3 *p)
data/ncrack-0.7+debian/opensshlib/ge25519.c:266:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[127];
data/ncrack-0.7+debian/opensshlib/ge25519.c:308:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b[85];
data/ncrack-0.7+debian/opensshlib/ge25519.h:33:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
data/ncrack-0.7+debian/opensshlib/ge25519.h:35:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ge25519_pack(unsigned char r[32], const ge25519 *p);
data/ncrack-0.7+debian/opensshlib/hash.c:17:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char iv[64] = {
data/ncrack-0.7+debian/opensshlib/hash.c:32:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[64];
data/ncrack-0.7+debian/opensshlib/hash.c:33:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char padded[256];
data/ncrack-0.7+debian/opensshlib/hmac.c:72:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buf, key, klen);
data/ncrack-0.7+debian/opensshlib/kex.c:76:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]);
data/ncrack-0.7+debian/opensshlib/kex.c:76:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]);
data/ncrack-0.7+debian/opensshlib/kex.c:245:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + rlen, k->name, nlen + 1);
data/ncrack-0.7+debian/opensshlib/kex.c:353:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX])
data/ncrack-0.7+debian/opensshlib/kex.c:589:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
kex_new(ncrack_ssh_state *nstate, char *proposal[PROPOSAL_MAX], struct kex **kexp)
data/ncrack-0.7+debian/opensshlib/kex.c:673:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
kex_setup(ncrack_ssh_state *nstate, char *proposal[PROPOSAL_MAX])
data/ncrack-0.7+debian/opensshlib/kex.c:780:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
data/ncrack-0.7+debian/opensshlib/kex.c:780:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
data/ncrack-0.7+debian/opensshlib/kex.c:944:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5));
data/ncrack-0.7+debian/opensshlib/kex.h:175:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int kex_new(ncrack_ssh_state *, char *[PROPOSAL_MAX], struct kex **);
data/ncrack-0.7+debian/opensshlib/kex.h:176:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int kex_setup(ncrack_ssh_state *, char *[PROPOSAL_MAX]);
data/ncrack-0.7+debian/opensshlib/kex.h:181:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
data/ncrack-0.7+debian/opensshlib/kexc25519.c:87:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *client_version_string,
data/ncrack-0.7+debian/opensshlib/kexc25519.c:88:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *server_version_string,
data/ncrack-0.7+debian/opensshlib/kexc25519.c:89:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ckexinit, size_t ckexinitlen,
data/ncrack-0.7+debian/opensshlib/kexc25519.c:90:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *skexinit, size_t skexinitlen,
data/ncrack-0.7+debian/opensshlib/kexc25519c.c:159:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kex->session_id, hash, kex->session_id_len);
data/ncrack-0.7+debian/opensshlib/kexdhc.c:197:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kex->session_id, hash, kex->session_id_len);
data/ncrack-0.7+debian/opensshlib/kexecdhc.c:217:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kex->session_id, hash, kex->session_id_len);
data/ncrack-0.7+debian/opensshlib/kexgexc.c:264:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kex->session_id, hash, kex->session_id_len);
data/ncrack-0.7+debian/opensshlib/log.c:370:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
data/ncrack-0.7+debian/opensshlib/log.c:404:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[MSGBUFSIZ];
data/ncrack-0.7+debian/opensshlib/log.c:405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmtbuf[MSGBUFSIZ];
data/ncrack-0.7+debian/opensshlib/mac.c:102:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + rlen, m->name, nlen + 1);
data/ncrack-0.7+debian/opensshlib/mac.c:207:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, u.m, dlen);
data/ncrack-0.7+debian/opensshlib/match.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub[1024];
data/ncrack-0.7+debian/opensshlib/match.c:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sproposals[MAX_PROP];
data/ncrack-0.7+debian/opensshlib/misc.c:544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[128], *ret;
data/ncrack-0.7+debian/opensshlib/misc.c:557:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(user, filename, slash);
data/ncrack-0.7+debian/opensshlib/misc.c:597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ncrack-0.7+debian/opensshlib/misc.c:677:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/ncrack-0.7+debian/opensshlib/misc.c:683:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDWR);
data/ncrack-0.7+debian/opensshlib/misc.c:687:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name, O_RDWR)) >= 0)
data/ncrack-0.7+debian/opensshlib/misc.c:747:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
data/ncrack-0.7+debian/opensshlib/misc.c:770:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[3], *r;
data/ncrack-0.7+debian/opensshlib/misc.c:1071:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char iptos_str[sizeof "0xff"];
data/ncrack-0.7+debian/opensshlib/moduli.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/ncrack-0.7+debian/opensshlib/moduli.c:466:11: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((r = mkstemp(tmp)) == -1) {
data/ncrack-0.7+debian/opensshlib/moduli.c:492:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(cpfile, "r")) == NULL)
data/ncrack-0.7+debian/opensshlib/moduli.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lp[QLINESIZE + 1];
data/ncrack-0.7+debian/opensshlib/moduli.c:523:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/ncrack-0.7+debian/opensshlib/opacket.c:333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/opensshlib/opacket.c:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/opensshlib/openbsd-compat.h:132:5: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int mkstemp(char *path);
data/ncrack-0.7+debian/opensshlib/openssh.h:14:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Kex *kex_setup(char *[PROPOSAL_MAX], Buffer ncrack_buf);
data/ncrack-0.7+debian/opensshlib/packet.c:356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/opensshlib/packet.c:803:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state->compression_in_stream, inblob, inl);
data/ncrack-0.7+debian/opensshlib/packet.c:812:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state->compression_out_stream, outblob, outl);
data/ncrack-0.7+debian/opensshlib/packet.c:858:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->ssh1_key, key, keylen);
data/ncrack-0.7+debian/opensshlib/packet.c:1336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/ncrack-0.7+debian/opensshlib/packet.c:1986:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/opensshlib/packet.c:2067:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/opensshlib/packet.c:3024:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ncrack-0.7+debian/opensshlib/poly1305.c:34:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) {
data/ncrack-0.7+debian/opensshlib/poly1305.c:34:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) {
data/ncrack-0.7+debian/opensshlib/poly1305.c:34:104: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) {
data/ncrack-0.7+debian/opensshlib/poly1305.c:45:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mp[16];
data/ncrack-0.7+debian/opensshlib/port-net.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[IFNAMSIZ + 1];
data/ncrack-0.7+debian/opensshlib/port-net.c:151:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/net/tun", O_RDWR)) == -1) {
data/ncrack-0.7+debian/opensshlib/port-net.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/ncrack-0.7+debian/opensshlib/port-net.c:230:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDWR);
data/ncrack-0.7+debian/opensshlib/port-net.c:235:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name, O_RDWR)) >= 0)
data/ncrack-0.7+debian/opensshlib/port-net.c:311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[CHAN_RBUF];
data/ncrack-0.7+debian/opensshlib/port-net.c:330:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf + 4, buf, len);
data/ncrack-0.7+debian/opensshlib/readconf.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *system_hostfiles[SSH_MAX_HOSTS_FILES];
data/ncrack-0.7+debian/opensshlib/readconf.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *user_hostfiles[SSH_MAX_HOSTS_FILES];
data/ncrack-0.7+debian/opensshlib/readconf.h:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *identity_files[SSH_MAX_IDENTITY_FILES];
data/ncrack-0.7+debian/opensshlib/readconf.h:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *send_env[MAX_SEND_ENV];
data/ncrack-0.7+debian/opensshlib/readconf.h:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *canonical_domains[MAX_CANON_DOMAINS];
data/ncrack-0.7+debian/opensshlib/recallocarray.c:81:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newptr, ptr, oldsize);
data/ncrack-0.7+debian/opensshlib/recallocarray.c:84:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newptr, ptr, newsize);
data/ncrack-0.7+debian/opensshlib/sc25519.c:36:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[32];
data/ncrack-0.7+debian/opensshlib/sc25519.c:102:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
data/ncrack-0.7+debian/opensshlib/sc25519.c:111:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16])
data/ncrack-0.7+debian/opensshlib/sc25519.c:117:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from64bytes(sc25519 *r, const unsigned char x[64])
data/ncrack-0.7+debian/opensshlib/sc25519.c:134:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_to32bytes(unsigned char r[32], const sc25519 *x)
data/ncrack-0.7+debian/opensshlib/sc25519.c:221:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window3(signed char r[85], const sc25519 *s)
data/ncrack-0.7+debian/opensshlib/sc25519.c:258:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window5(signed char r[51], const sc25519 *s)
data/ncrack-0.7+debian/opensshlib/sc25519.c:295:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2)
data/ncrack-0.7+debian/opensshlib/sc25519.h:44:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
data/ncrack-0.7+debian/opensshlib/sc25519.h:46:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]);
data/ncrack-0.7+debian/opensshlib/sc25519.h:48:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]);
data/ncrack-0.7+debian/opensshlib/sc25519.h:52:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
data/ncrack-0.7+debian/opensshlib/sc25519.h:71:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window3(signed char r[85], const sc25519 *s);
data/ncrack-0.7+debian/opensshlib/sc25519.h:76:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window5(signed char r[51], const sc25519 *s);
data/ncrack-0.7+debian/opensshlib/sc25519.h:78:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
data/ncrack-0.7+debian/opensshlib/sha2.c:286:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->state, sha256_initial_hash_value,
data/ncrack-0.7+debian/opensshlib/sha2.c:466:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[usedspace], data, freespace);
data/ncrack-0.7+debian/opensshlib/sha2.c:473:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[usedspace], data, len);
data/ncrack-0.7+debian/opensshlib/sha2.c:489:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->buffer, data, len);
data/ncrack-0.7+debian/opensshlib/sha2.c:563:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, context->state, SHA256_DIGEST_LENGTH);
data/ncrack-0.7+debian/opensshlib/sha2.c:576:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->state, sha512_initial_hash_value,
data/ncrack-0.7+debian/opensshlib/sha2.c:757:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[usedspace], data, freespace);
data/ncrack-0.7+debian/opensshlib/sha2.c:764:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[usedspace], data, len);
data/ncrack-0.7+debian/opensshlib/sha2.c:780:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->buffer, data, len);
data/ncrack-0.7+debian/opensshlib/sha2.c:844:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, context->state, SHA512_DIGEST_LENGTH);
data/ncrack-0.7+debian/opensshlib/sha2.c:863:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->state, sha384_initial_hash_value,
data/ncrack-0.7+debian/opensshlib/sha2.c:887:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, context->state, SHA384_DIGEST_LENGTH);
data/ncrack-0.7+debian/opensshlib/smult_curve25519_ref.c:124:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void mainloop(unsigned int work[64],const unsigned char e[32])
data/ncrack-0.7+debian/opensshlib/smult_curve25519_ref.c:252:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e[32];
data/ncrack-0.7+debian/opensshlib/ssh-dss.c:98:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sigblob, SIGBLOB_LEN);
data/ncrack-0.7+debian/opensshlib/ssh-dss.c:118:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sshbuf_ptr(b), len);
data/ncrack-0.7+debian/opensshlib/ssh-dss.c:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sigblob, signature, signaturelen);
data/ncrack-0.7+debian/opensshlib/ssh-ecdsa.c:97:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sshbuf_ptr(b), len);
data/ncrack-0.7+debian/opensshlib/ssh-ed25519.c:78:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sshbuf_ptr(b), len);
data/ncrack-0.7+debian/opensshlib/ssh-ed25519.c:140:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm, sigblob, len);
data/ncrack-0.7+debian/opensshlib/ssh-ed25519.c:141:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm+len, data, datalen);
data/ncrack-0.7+debian/opensshlib/ssh-rsa.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sigp, sshbuf_ptr(b), len);
data/ncrack-0.7+debian/opensshlib/ssh.c:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/ncrack-0.7+debian/opensshlib/ssh.c:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[NI_MAXHOST], strport[NI_MAXSERV];
data/ncrack-0.7+debian/opensshlib/ssh.c:383:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, *fullhost, newname[NI_MAXHOST];
data/ncrack-0.7+debian/opensshlib/ssh.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/ncrack-0.7+debian/opensshlib/ssh.c:509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, *cp, *line, *argv0, buf[PATH_MAX], *host_arg, *logfile;
data/ncrack-0.7+debian/opensshlib/ssh.c:510:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
data/ncrack-0.7+debian/opensshlib/ssh.c:511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[NI_MAXHOST];
data/ncrack-0.7+debian/opensshlib/ssh.c:1402:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
data/ncrack-0.7+debian/opensshlib/ssh.c:1821:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = open(_PATH_DEVNULL, O_RDONLY);
data/ncrack-0.7+debian/opensshlib/ssh.c:1948:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filename, *cp, thishost[NI_MAXHOST];
data/ncrack-0.7+debian/opensshlib/ssh.c:1954:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *identity_files[SSH_MAX_IDENTITY_FILES];
data/ncrack-0.7+debian/opensshlib/ssh.c:2035:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options.identity_files, identity_files, sizeof(identity_files));
data/ncrack-0.7+debian/opensshlib/ssh.c:2036:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
data/ncrack-0.7+debian/opensshlib/sshbuf-getput-basic.c:38:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v, p, len);
data/ncrack-0.7+debian/opensshlib/sshbuf-getput-basic.c:113:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*valp, val, len);
data/ncrack-0.7+debian/opensshlib/sshbuf-getput-basic.c:205:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*valp, p, len);
data/ncrack-0.7+debian/opensshlib/sshbuf-getput-basic.c:242:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, v, len);
data/ncrack-0.7+debian/opensshlib/sshbuf-getput-basic.c:359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + 4, v, len);
data/ncrack-0.7+debian/opensshlib/sshbuf-getput-basic.c:424:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + 4 + prepend, s, len);
data/ncrack-0.7+debian/opensshlib/sshbuf-getput-crypto.c:185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dp + 2, d, len_bytes);
data/ncrack-0.7+debian/opensshlib/sshconnect.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tmp, *ret, strport[NI_MAXSERV];
data/ncrack-0.7+debian/opensshlib/sshconnect.c:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[10];
data/ncrack-0.7+debian/opensshlib/sshconnect.c:230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[10];
data/ncrack-0.7+debian/opensshlib/sshconnect.c:456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
data/ncrack-0.7+debian/opensshlib/sshconnect.c:493:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
data/ncrack-0.7+debian/opensshlib/sshconnect.c:570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], remote_version[256]; /* must be same size! */
data/ncrack-0.7+debian/opensshlib/sshconnect.c:773:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop[NI_MAXHOST];
data/ncrack-0.7+debian/opensshlib/sshconnect.c:840:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostline[1000], *hostp, *fp, *ra;
data/ncrack-0.7+debian/opensshlib/sshconnect.c:841:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/ncrack-0.7+debian/opensshlib/sshconnect.c:984:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg1[1024], msg2[1024];
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:898:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[150];
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:938:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[150];
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:1151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[300], *passphrase;
data/ncrack-0.7+debian/opensshlib/sshkey.c:227:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + rlen, kt->name, nlen + 1);
data/ncrack-0.7+debian/opensshlib/sshkey.c:887:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*blobp, sshbuf_ptr(b), len);
data/ncrack-0.7+debian/opensshlib/sshkey.c:996:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *retval, hex[5];
data/ncrack-0.7+debian/opensshlib/sshkey.c:1101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *retval, *p, title[FLDSIZE_X], hash[FLDSIZE_X];
data/ncrack-0.7+debian/opensshlib/sshkey.c:1160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, title, tlen);
data/ncrack-0.7+debian/opensshlib/sshkey.c:1180:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, hash, hlen);
data/ncrack-0.7+debian/opensshlib/sshkey.c:1873:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
data/ncrack-0.7+debian/opensshlib/sshkey.c:2389:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
data/ncrack-0.7+debian/opensshlib/sshkey.c:3515:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 2, cp, 2);
data/ncrack-0.7+debian/opensshlib/umac.c:199:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_buf,out_buf,AES_BLOCK_LEN);
data/ncrack-0.7+debian/opensshlib/umac.c:206:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_buf,out_buf,nbytes);
data/ncrack-0.7+debian/opensshlib/umac.c:620:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hc->data+j, buf, i);
data/ncrack-0.7+debian/opensshlib/umac.c:635:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hc->data + j, buf, nbytes);
data/ncrack-0.7+debian/opensshlib/umac.c:974:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ahc->poly_key_8+i, buf+24*i, 8);
data/ncrack-0.7+debian/opensshlib/umac.c:984:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ahc->ip_keys+4*i, buf+(8*i+4)*sizeof(UINT64),
data/ncrack-0.7+debian/opensshlib/vis.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[5];
data/ncrack-0.7+debian/opensshlib/vis.c:191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tbuf, i);
data/ncrack-0.7+debian/output.cc:138:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *logtypes[LOG_NUM_FILES]=LOG_NAMES;
data/ncrack-0.7+debian/output.cc:324:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o.ncrack_stdout = fopen(DEVNULL, "w");
data/ncrack-0.7+debian/output.cc:331:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o.logfd[i] = fopen(filename, "a");
data/ncrack-0.7+debian/output.cc:333:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o.logfd[i] = fopen(filename, "w");
data/ncrack-0.7+debian/output.cc:346:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[10];
data/ncrack-0.7+debian/output.cc:510:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mytime[128];
data/ncrack-0.7+debian/targets.cc:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acBuf[512];
data/ncrack-0.7+debian/utils.cc:146:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/ncrack-0.7+debian/utils.cc:378:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbl[64] = {
data/ncrack-0.7+debian/utils.cc:484:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fname, openflags);
data/ncrack-0.7+debian/utils.cc:660:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf + *offset, s, n);
data/ncrack-0.7+debian/xml.cc:220:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ncrack-0.7+debian/xml.cc:263:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + i, repl, len);
data/ncrack-0.7+debian/xml.cc:289:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/ncrack-0.7+debian/xml.cc:322:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + i, repl, len);
data/ncrack-0.7+debian/NcrackOutputTable.cc:198:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
itemlen = strlen(item);
data/ncrack-0.7+debian/Service.cc:217:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = Strndup(ref.path, strlen(ref.path));
data/ncrack-0.7+debian/Service.cc:219:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db = Strndup(ref.db, strlen(ref.db));
data/ncrack-0.7+debian/Service.cc:221:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domain = Strndup(ref.domain, strlen(ref.domain));
data/ncrack-0.7+debian/crypto.cc:199:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < strlen(password))
data/ncrack-0.7+debian/crypto.cc:201:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i + 7 < strlen(password))
data/ncrack-0.7+debian/crypto.cc:272:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD4_Update(&ntlm, unicode, strlen(password) * 2);
data/ncrack-0.7+debian/crypto.cc:301:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t username_length = strlen(username);
data/ncrack-0.7+debian/crypto.cc:302:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t domain_length = strlen(domain);
data/ncrack-0.7+debian/http.cc:1020:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(p, PREFIX, strlen(PREFIX)) != 0)
data/ncrack-0.7+debian/http.cc:1022:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(PREFIX);
data/ncrack-0.7+debian/http_digest.cc:226:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, time_buf, strlen(time_buf));
data/ncrack-0.7+debian/http_digest.cc:248:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, username, strlen(username));
data/ncrack-0.7+debian/http_digest.cc:250:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, realm, strlen(realm));
data/ncrack-0.7+debian/http_digest.cc:252:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, password, strlen(password));
data/ncrack-0.7+debian/http_digest.cc:258:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, method, strlen(method));
data/ncrack-0.7+debian/http_digest.cc:260:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, uri, strlen(uri));
data/ncrack-0.7+debian/http_digest.cc:266:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, HA1_hex, strlen(HA1_hex));
data/ncrack-0.7+debian/http_digest.cc:268:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, nonce, strlen(nonce));
data/ncrack-0.7+debian/http_digest.cc:271:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, nc, strlen(nc));
data/ncrack-0.7+debian/http_digest.cc:273:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, cnonce, strlen(cnonce));
data/ncrack-0.7+debian/http_digest.cc:275:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, "auth", strlen("auth"));
data/ncrack-0.7+debian/http_digest.cc:278:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, HA2_hex, strlen(HA2_hex));
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:203:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
call.len[3] = 63 + strlen(con->user) + strlen(con->pass);//total length of the packet
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:203:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
call.len[3] = 63 + strlen(con->user) + strlen(con->pass);//total length of the packet
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:248:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data.Struct.map.length1[3] = strlen("username");
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:255:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data.Struct.map.length2[3] = strlen(con->user);
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:257:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(con->user), "%s", con->user);
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:262:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data.Struct.map.length3[3] = strlen("password");
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:269:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data.Struct.map.length4[3] = strlen(con->pass); //4byte
data/ncrack-0.7+debian/modules/ncrack_cassandra.cc:271:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(con->pass), "%s", con->pass);
data/ncrack-0.7+debian/modules/ncrack_cvs.cc:177:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(encoded_pass, con->pass, sizeof(encoded_pass) - 1);
data/ncrack-0.7+debian/modules/ncrack_cvs.cc:179:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(con->pass); i++) {
data/ncrack-0.7+debian/modules/ncrack_cvs.cc:184:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(69 + strlen(con->user) + strlen(encoded_pass),
data/ncrack-0.7+debian/modules/ncrack_cvs.cc:184:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(69 + strlen(con->user) + strlen(encoded_pass),
data/ncrack-0.7+debian/modules/ncrack_dicom.cc:389:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(da.assoc.called_ae, con->user, strlen(con->user));
data/ncrack-0.7+debian/modules/ncrack_dicom.cc:390:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(da.assoc.calling_ae, con->pass, strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_ftp.cc:266:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(7 + strlen(con->user), "USER %s\r\n", con->user);
data/ncrack-0.7+debian/modules/ncrack_ftp.cc:291:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(7 + strlen(con->pass), "PASS %s\r\n", con->pass);
data/ncrack-0.7+debian/modules/ncrack_http.cc:226:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(hstate->auth_scheme));
data/ncrack-0.7+debian/modules/ncrack_http.cc:248:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_http.cc:252:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_http.cc:255:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_http.cc:336:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(info->auth_scheme));
data/ncrack-0.7+debian/modules/ncrack_http.cc:352:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(info->auth_scheme));
data/ncrack-0.7+debian/modules/ncrack_http.cc:370:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(info->auth_scheme);
data/ncrack-0.7+debian/modules/ncrack_http.cc:408:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(reply);
data/ncrack-0.7+debian/modules/ncrack_http.cc:424:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = Strndup(reply, strlen(reply));
data/ncrack-0.7+debian/modules/ncrack_http.cc:451:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = Strndup(mi->second, strlen(mi->second));
data/ncrack-0.7+debian/modules/ncrack_http.cc:541:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_http.cc:545:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_http.cc:548:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_http.cc:552:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(response_hdr, strlen(response_hdr));
data/ncrack-0.7+debian/modules/ncrack_http.cc:633:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_http.cc:637:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_http.cc:640:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_http.cc:659:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(con->user) + strlen(con->pass) + 1;
data/ncrack-0.7+debian/modules/ncrack_http.cc:659:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(con->user) + strlen(con->pass) + 1;
data/ncrack-0.7+debian/modules/ncrack_http.cc:668:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(b64, strlen(b64));
data/ncrack-0.7+debian/modules/ncrack_imap.cc:189:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(12 + strlen(con->user) + strlen(con->pass), "01 LOGIN %s %s\r\n", con->user, con->pass);
data/ncrack-0.7+debian/modules/ncrack_imap.cc:189:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(12 + strlen(con->user) + strlen(con->pass), "01 LOGIN %s %s\r\n", con->user, con->pass);
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:179:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(serv->path) > 1) {
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:182:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->path), "%s", serv->path);
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:189:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(serv->target->targetname, strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:191:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(serv->target->NameIP(), strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:207:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formlen = strlen(con->user) + strlen(con->pass) + sizeof("username=&passwd=&task=login&lang=&option=com_login") - 1 + 20 + 35;
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:207:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formlen = strlen(con->user) + strlen(con->pass) + sizeof("username=&passwd=&task=login&lang=&option=com_login") - 1 + 20 + 35;
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:212:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(20 + strlen(tmp), "Content-Length: %s\r\n\r\n", tmp);
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:216:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(con->user, strlen(con->user));
data/ncrack-0.7+debian/modules/ncrack_joomla.cc:218:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(con->pass, strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:230:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(hstate->auth_scheme));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:243:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->db) + strlen(".$cmd") + 1 /* full collection name + null byte */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:243:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->db) + strlen(".$cmd") + 1 /* full collection name + null byte */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:246:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("listDatabases") + 1 + 4 + 4 /* element list database length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:251:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_collection_name = (char *)safe_malloc(strlen(serv->db) + strlen(".$cmd") + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:251:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_collection_name = (char *)safe_malloc(strlen(serv->db) + strlen(".$cmd") + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:338:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->db) + strlen(".$cmd") + 1 /* full collection name + null byte */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:338:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->db) + strlen(".$cmd") + 1 /* full collection name + null byte */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:341:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("isMaster") + 1 + 4 /* element list database length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:347:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_collection_name = (char *)safe_malloc(strlen(serv->db) + strlen(".$cmd") + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:347:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_collection_name = (char *)safe_malloc(strlen(serv->db) + strlen(".$cmd") + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:376:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LONGQUARTET(4 + 1 + (int) strlen("isMaster") + 1 + 4 + 1),
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:414:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->auth_scheme = Strndup("MONGODB_SCRAM_SHA1", strlen("MONGODB_SCRAM_SHA1"));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:418:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(info->auth_scheme));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:427:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->auth_scheme = Strndup("MONGODB_CR", strlen("MONGODB_CR"));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:431:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(info->auth_scheme));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:477:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_collection_name = (char *)safe_malloc(strlen(serv->db) + 6 + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:481:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("getnonce") + 1 + 4 + 4 /* element getnonce length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:486:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(full_collection_name) + 1 /* full collection name + null byte */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:576:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, con->user, strlen(con->user));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:577:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, ":mongo:", strlen(":mongo:"));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:578:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, con->pass, strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:584:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, nonce, strlen(nonce));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:585:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, con->user, strlen(con->user));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:586:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, HA1_hex, strlen(HA1_hex));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:594:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_collection_name = (char *)safe_malloc(strlen(serv->db) + 6 + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:598:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("authenticate") + 1 + 4 + 4 /* element authenticate length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:599:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("nonce") + 1 + 4 + strlen(nonce) + 1 /* element nonce length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:599:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("nonce") + 1 + 4 + strlen(nonce) + 1 /* element nonce length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:600:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("key") + 1 + 4 + MD5_DIGEST_LENGTH * 2 + 1 /* element key length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:601:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("user") + 1 + 4 + strlen(con->user) + 1 /* element user length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:601:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("user") + 1 + 4 + strlen(con->user) + 1 /* element user length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:607:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(full_collection_name) + 1 /* full collection name + null byte */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:668:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LONGQUARTET(((int) strlen(nonce) + 1)),
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:676:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LONGQUARTET(((int) strlen(con->user) + 1)),
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:753:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_collection_name = (char *)safe_malloc(strlen(serv->db) + 6 + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:759:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
payload = (char *)safe_malloc(strlen(info->client_nonce) + strlen(con->user) + 8 + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:759:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
payload = (char *)safe_malloc(strlen(info->client_nonce) + strlen(con->user) + 8 + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:760:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(payload, strlen(info->client_nonce) + 1 + strlen(con->user) + 8,
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:760:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(payload, strlen(info->client_nonce) + 1 + strlen(con->user) + 8,
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:764:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("saslStart") + 1 + 4 /* element saslStart length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:765:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("mechanism") + 1 + 4 + strlen("SCRAM-SHA-1") + 1 /* element SCRAM-SHA-1 length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:765:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("mechanism") + 1 + 4 + strlen("SCRAM-SHA-1") + 1 /* element SCRAM-SHA-1 length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:766:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("payload") + 1 + 4 + 1 + strlen(payload) + 1 /* element payload length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:766:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("payload") + 1 + 4 + 1 + strlen(payload) + 1 /* element payload length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:767:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("autoAuthorize") + 1 + 4 /* element autoAuthorize length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:773:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(full_collection_name) + 1 /* full collection name + null byte */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:832:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LONGQUARTET(((int) strlen(payload) + 1)), 0x00,
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:942:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"r=", strlen(pch))) {
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:946:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"i=", strlen(pch))) {
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:950:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"s=", strlen(pch))) {
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:969:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(info->client_nonce, rnonce, strlen(info->client_nonce))){
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:984:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, con->user, strlen(con->user));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:985:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, ":mongo:", strlen(":mongo:"));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:986:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, con->pass, strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:997:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
decoded_salt = (char *)safe_malloc((strlen(salt) + 1));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:998:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base64_decode(salt, strlen(salt), decoded_salt);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1000:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PKCS5_PBKDF2_HMAC_SHA1(HA1_hex, strlen(HA1_hex),
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1001:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned char*) decoded_salt, strlen(decoded_salt), atoi(iterations),
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1019:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
without_proof = (char *)safe_malloc(strlen("c=biws,r=") + strlen(rnonce) + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1019:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
without_proof = (char *)safe_malloc(strlen("c=biws,r=") + strlen(rnonce) + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1020:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(without_proof, strlen("c=biws,r=") + strlen(rnonce) + 1,
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1020:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(without_proof, strlen("c=biws,r=") + strlen(rnonce) + 1,
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1030:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
auth_msg_len = strlen(con->user) + 12 + strlen(tmp_buffer) + strlen(without_proof) + 7 + 1;
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1030:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
auth_msg_len = strlen(con->user) + 12 + strlen(tmp_buffer) + strlen(without_proof) + 7 + 1;
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1030:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
auth_msg_len = strlen(con->user) + 12 + strlen(tmp_buffer) + strlen(without_proof) + 7 + 1;
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1056:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
client_final = (char *)safe_malloc(3 + strlen(tmp_b64) + strlen(without_proof));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1056:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
client_final = (char *)safe_malloc(3 + strlen(tmp_b64) + strlen(without_proof));
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1057:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(client_final, 3 + strlen(tmp_b64) + 1 + strlen(without_proof),
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1057:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(client_final, 3 + strlen(tmp_b64) + 1 + strlen(without_proof),
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1064:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_collection_name = (char *)safe_malloc(strlen(serv->db) + 6 + 1);
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1069:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("saslContinue") + 1 + 4 /* element saslContinue length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1070:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("conversationId") + 1 + 4 /* element conversationId length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1071:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("payload") + 1 + 4 + 1 + strlen(client_final) /* element payload length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1071:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 1 + strlen("payload") + 1 + 4 + 1 + strlen(client_final) /* element payload length */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1077:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(full_collection_name) + 1 /* full collection name + null byte */
data/ncrack-0.7+debian/modules/ncrack_mongodb.cc:1130:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LONGQUARTET(((int)strlen(client_final) )), 0x00,
data/ncrack-0.7+debian/modules/ncrack_mqtt.cc:229:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd.msg_len = sizeof(connect_cmd) + strlen(con->user) + strlen(con->pass) + sizeof(pass_len) - 2;
data/ncrack-0.7+debian/modules/ncrack_mqtt.cc:229:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd.msg_len = sizeof(connect_cmd) + strlen(con->user) + strlen(con->pass) + sizeof(pass_len) - 2;
data/ncrack-0.7+debian/modules/ncrack_mqtt.cc:230:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd.username_len = htons(strlen(con->user));
data/ncrack-0.7+debian/modules/ncrack_mqtt.cc:231:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pass_len = htons(strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_mqtt.cc:234:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(con->user), "%s", con->user);
data/ncrack-0.7+debian/modules/ncrack_mqtt.cc:236:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(con->pass), "%s", con->pass);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:335:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(username + strlen(con->user), 0, 30 - strlen(con->user));
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:335:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(username + strlen(con->user), 0, 30 - strlen(con->user));
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:336:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(password + strlen(con->pass), 0, 30 - strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:336:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(password + strlen(con->pass), 0, 30 - strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:483:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_login = (unsigned char)strlen(con->user);
data/ncrack-0.7+debian/modules/ncrack_mssql.cc:484:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_pass = (unsigned char)strlen(con->pass);
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:243:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(mysql_salt_ret, mysql_salt, strlen(mysql_salt));
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:255:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
server_authentication_method[strlen(server_authentication_method) + 1] = '\0';
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:257:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(mysql_auth_method, server_authentication_method, strlen(server_authentication_method));
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:283:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
server_authentication_method[strlen(server_authentication_method) + 1] = '\0';
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:284:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(mysql_auth_method, server_authentication_method, strlen(server_authentication_method));
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:292:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(mysql_salt_ret, mysql_salt, strlen(mysql_salt));
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:320:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA1_Update(&sha1_ctx, (const uint8_t *) password, strlen(password));
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:369:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
packet_length = strlen(con->user) + 4 + 23 +
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:370:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("\x01\x05\xa6\x0f\x01\x21\x14");
data/ncrack-0.7+debian/modules/ncrack_mysql.cc:376:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy((char *)con->outbuf->get_dataptr() + packet_length + 20 + 4, "mysql_native_password\x00", sizeof "mysql_native_password ");
data/ncrack-0.7+debian/modules/ncrack_owa.cc:267:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_owa.cc:270:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_owa.cc:282:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(con->user) + strlen(con->pass) +
data/ncrack-0.7+debian/modules/ncrack_owa.cc:282:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(con->user) + strlen(con->pass) +
data/ncrack-0.7+debian/modules/ncrack_owa.cc:288:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen += strlen(serv->target->targetname);
data/ncrack-0.7+debian/modules/ncrack_owa.cc:290:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen += strlen(serv->target->NameIP());
data/ncrack-0.7+debian/modules/ncrack_owa.cc:294:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(20 + strlen(tmp), "Content-Length: %s\r\n\r\n", tmp);
data/ncrack-0.7+debian/modules/ncrack_owa.cc:301:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_owa.cc:304:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_owa.cc:307:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(con->user), "%s", con->user);
data/ncrack-0.7+debian/modules/ncrack_owa.cc:309:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(con->pass), "%s", con->pass);
data/ncrack-0.7+debian/modules/ncrack_pop3.cc:207:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(7 + strlen(con->user), "USER %s\r\n", con->user);
data/ncrack-0.7+debian/modules/ncrack_pop3.cc:240:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(7 + strlen(con->pass), "PASS %s\r\n", con->pass);
data/ncrack-0.7+debian/modules/ncrack_psql.cc:178:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, password, strlen(password));
data/ncrack-0.7+debian/modules/ncrack_psql.cc:179:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, username, strlen(username));
data/ncrack-0.7+debian/modules/ncrack_psql.cc:185:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, HA1_hex, strlen(HA1_hex));
data/ncrack-0.7+debian/modules/ncrack_psql.cc:186:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5, salt, strlen(salt));
data/ncrack-0.7+debian/modules/ncrack_psql.cc:308:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
packet_length = strlen(con->user) + 7 +
data/ncrack-0.7+debian/modules/ncrack_psql.cc:309:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("\x03user database postgres application_name psql client_encoding UTF8 ");
data/ncrack-0.7+debian/modules/ncrack_psql.cc:340:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
packet_length = strlen(response_hex) + 5 + strlen("p");
data/ncrack-0.7+debian/modules/ncrack_psql.cc:340:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
packet_length = strlen(response_hex) + 5 + strlen("p");
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1778:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint16_t length = 30 + strlen(COOKIE_USERNAME) + 8; // + 8 for RDP version 5
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1794:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen("Cookie: mstshash="), "%s",
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1796:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(COOKIE_USERNAME), "%s", COOKIE_USERNAME);
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1934:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->service->end.reason = Strndup(error, strlen(error));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:1989:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->service->end.reason = Strndup(error, strlen(error));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:2150:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cnd.channel.name, "rdpdr", sizeof("rdpdr"));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:2230:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = Strndup(mi->second, strlen(mi->second));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:3839:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->service->end.reason = Strndup(error, strlen(error));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:3940:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->service->end.reason = Strndup(error, strlen(error));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:3972:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->service->end.reason = Strndup(error, strlen(error));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4045:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->service->end.reason = Strndup(error, strlen(error));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4065:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->service->end.reason = Strndup(error, strlen(error));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4099:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->service->end.reason = Strndup(error, strlen(error));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4112:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->service->end.reason = Strndup(error, strlen(error));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4214:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->service->end.reason = Strndup(error, strlen(error));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4434:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len_ip = 2 * strlen("172.16.51.1") + 2; // TODO: change this to non-hardcoded IP
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4435:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll") + 2;
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4458:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domain_length = strlen(domain) * 2;
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4459:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
username_length = strlen(con->user) * 2;
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4460:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
password_length = strlen(con->pass) * 2;
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4461:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shell_length = strlen(shell) * 2;
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4462:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
workingdir_length = strlen(workingdir) * 2;
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4571:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data->append(u_gtb_normal, 2 * strlen("GTB, normaltid"));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4573:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data->append(pad0, 62 - 2 * strlen("GTB, normaltid"));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4580:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data->append(u_gtb_sommar, 2 * strlen("GTB, sommartid"));
data/ncrack-0.7+debian/modules/ncrack_rdp.cc:4582:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data->append(pad0, 62 - 2 * strlen("GTB, sommartid"));
data/ncrack-0.7+debian/modules/ncrack_redis.cc:183:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(7 + strlen(con->pass), "AUTH %s\r\n", con->pass);
data/ncrack-0.7+debian/modules/ncrack_sip.cc:223:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:223:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:223:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:223:109: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:224:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->target->NameIP()) + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:224:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->target->NameIP()) + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:224:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->target->NameIP()) + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:224:100: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->target->NameIP()) + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:225:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(cseq_s) +
data/ncrack-0.7+debian/modules/ncrack_sip.cc:226:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("REGISTER sip: SIP/2.0\r\nVia: SIP/2.0/TCP :\r\nFrom: <sip:@>\r\nTo: <sip:@>\r\n" "Call-ID: 1234@\r\nCSeq: REGISTER\r\nContent-Length: 0\r\n\r\n"),
data/ncrack-0.7+debian/modules/ncrack_sip.cc:235:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen("officesip.local") + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:235:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen("officesip.local") + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:235:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen("officesip.local") + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:235:104: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen("officesip.local") + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:236:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen("officesip.local") + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:236:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen("officesip.local") + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:236:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen("officesip.local") + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:236:95: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen("officesip.local") + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:237:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(cseq_s) +
data/ncrack-0.7+debian/modules/ncrack_sip.cc:238:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("REGISTER sip: SIP/2.0\r\nVia: SIP/2.0/TCP :\r\nFrom: <sip:@>\r\nTo: <sip:@>\r\n" "Call-ID: 1234@\r\nCSeq: REGISTER\r\nContent-Length: 0\r\n\r\n"),
data/ncrack-0.7+debian/modules/ncrack_sip.cc:278:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("Domain invalid or not specified."));
data/ncrack-0.7+debian/modules/ncrack_sip.cc:312:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:312:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:312:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:312:109: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->target->NameIP()) + strlen(info->local_ip) + strlen(localport_s) + strlen(con->user) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:313:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->target->NameIP()) + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:313:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->target->NameIP()) + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:313:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->target->NameIP()) + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:313:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->target->NameIP()) + strlen(con->user) + strlen(serv->target->NameIP()) + strlen(serv->target->NameIP()) \
data/ncrack-0.7+debian/modules/ncrack_sip.cc:314:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(cseq_s) + strlen(response_hdr) +
data/ncrack-0.7+debian/modules/ncrack_sip.cc:314:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(cseq_s) + strlen(response_hdr) +
data/ncrack-0.7+debian/modules/ncrack_sip.cc:315:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("REGISTER sip: SIP/2.0\r\nVia: SIP/2.0/TCP :\r\nFrom: <sip:@>\r\nTo: <sip:@>\r\n" "Call-ID: 1234@\r\nCSeq: REGISTER\r\nAuthorization:\r\nContent-Length: 0\r\n\r\n"),
data/ncrack-0.7+debian/modules/ncrack_sip.cc:423:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addr = (char *)malloc(strlen(host) + 1);
data/ncrack-0.7+debian/modules/ncrack_sip.cc:424:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(addr, 0, strlen(host) + 1);
data/ncrack-0.7+debian/modules/ncrack_sip.cc:425:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(addr, host, strlen(host));
data/ncrack-0.7+debian/modules/ncrack_smb.cc:602:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(con->user, strlen(con->user) + 1);
data/ncrack-0.7+debian/modules/ncrack_smb.cc:614:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
byte_count = info->lm.length + info->ntlm.length + strlen(con->user) + 1
data/ncrack-0.7+debian/modules/ncrack_ssh.cc:453:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size_t)strlen((const char *)con->outbuf->get_dataptr()));
data/ncrack-0.7+debian/modules/ncrack_telnet.cc:356:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (size_t)((info->userptr - con->user)) != strlen(con->user)) {
data/ncrack-0.7+debian/modules/ncrack_telnet.cc:377:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((size_t)(info->userptr - con->user) == strlen(con->user)) {
data/ncrack-0.7+debian/modules/ncrack_vnc.cc:171:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < strlen(passwd)) {
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:255:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(hstate->auth_scheme));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:268:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:272:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:275:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:288:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(tmp, strlen(tmp));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:318:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->auth_scheme = Strndup("Basic", strlen("Basic"));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:322:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(info->auth_scheme));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:330:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->auth_scheme = Strndup("Negotiate", strlen("Negotiate"));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:334:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(info->auth_scheme));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:394:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:398:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:401:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:419:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(con->user) + strlen(con->pass) + 1;
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:419:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(con->user) + strlen(con->pass) + 1;
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:426:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(b64, strlen(b64));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:498:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ntlm_sig = (char *)safe_malloc(strlen(NTLMSSP_SIGNATURE) + 1);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:508:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:512:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:515:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:520:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(NTLMSSP_SIGNATURE) + 5
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:525:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->domain) + 1;
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:557:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHORTPAIR((int) strlen(serv->domain)),
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:558:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHORTPAIR((int) strlen(serv->domain)), 0,
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:563:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHORTPAIR(32 + (int) strlen(serv->domain)),
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:576:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(b64, strlen(b64));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:630:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type2 = (char *)safe_malloc((strlen(tmp) + 1));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:634:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(tmp);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:666:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(NTLMSSP_SIGNATURE) + 1; i++) {
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:670:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(ntlm_sig, NTLMSSP_SIGNATURE, strlen(NTLMSSP_SIGNATURE))) {
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:693:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(type2_marker_check, type2_marker, strlen(type2_marker))) {
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:783:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp3 = (char *)safe_malloc((strlen(tmp) + 1));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:813:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->path) + 17, "%s HTTP/1.1\r\nHost: ",
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:817:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:820:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:843:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(con->pass) + 1;
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:910:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domain_unicode = (char *)safe_malloc(2*strlen(serv->domain) + 1);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:913:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domainlen = 2*strlen(serv->domain);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:916:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i < strlen(serv->domain); i++) {
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:923:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user_unicode = (char *)safe_malloc(2*strlen(con->user) + 1);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:925:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
userlen = 2*strlen(con->user);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:929:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i < strlen(con->user); i++) {
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:947:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pass_unicode = (char *)safe_malloc(2*strlen(con->pass) + 1);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:951:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i < strlen(con->pass); i++) {
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:965:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD4_Update(&MD4pw, pass_unicode, 2*strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:990:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD4_Update(&MD4pw, pass_unicode, 2*strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1029:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user_upper = (unsigned char *)safe_malloc(strlen(con->user) + 1);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1030:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(con->user) + 1;
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1031:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = (char *)safe_zalloc(strlen(con->user) + 1);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1041:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < strlen(con->user); i++){
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1049:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user_upper_unicode = (char *)safe_malloc(2*strlen(con->user) + 1);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1050:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
userlen = 2*strlen(con->user);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1062:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domain_temp_unicode = (char *)safe_malloc(2*strlen(serv->domain) + 1);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1063:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domain_tmplen = 2*strlen(serv->domain);
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1065:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i < strlen(serv->domain); i++) {
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1184:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen2 = strlen(NTLMSSP_SIGNATURE) + 1 + 4
data/ncrack-0.7+debian/modules/ncrack_winrm.cc:1300:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(b64, strlen(b64));
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:208:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(serv->path) > 1) {
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:211:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->path), "%s", serv->path);
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:220:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(serv->target->targetname, strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:222:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(serv->target->NameIP(), strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:288:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(serv->path) > 1) {
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:291:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(strlen(serv->path), "%s", serv->path);
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:298:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(serv->target->targetname, strlen(serv->target->targetname));
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:300:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(serv->target->NameIP(), strlen(serv->target->NameIP()));
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:316:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formlen = strlen(con->user) + strlen(con->pass) + sizeof("log&log==") - 1;
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:316:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formlen = strlen(con->user) + strlen(con->pass) + sizeof("log&log==") - 1;
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:321:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->snprintf(20 + strlen(tmp), "Content-Length: %s\r\n\r\n", tmp);
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:325:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(con->pass, strlen(con->pass));
data/ncrack-0.7+debian/modules/ncrack_wordpress.cc:327:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
con->outbuf->append(con->user, strlen(con->user));
data/ncrack-0.7+debian/nbase/getopt.c:228:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(longopts[ind].name) == (size_t) (charind - offset)) &&
data/ncrack-0.7+debian/nbase/inet_ntop.c:229:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp);
data/ncrack-0.7+debian/nbase/inet_ntop.c:250:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, tmp, size);
data/ncrack-0.7+debian/nbase/nbase.h:452:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
void usleep(unsigned long usec);
data/ncrack-0.7+debian/nbase/nbase_addrset.c:412:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fd)) != EOF) {
data/ncrack-0.7+debian/nbase/nbase_addrset.c:421:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fd)) != EOF) {
data/ncrack-0.7+debian/nbase/nbase_misc.c:338:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(device) + 1;
data/ncrack-0.7+debian/nbase/nbase_misc.c:347:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(padded, device, sizeof(padded));
data/ncrack-0.7+debian/nbase/nbase_misc.c:456:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(tv->tv_sec * 1000000UL + tv->tv_usec);
data/ncrack-0.7+debian/nbase/nbase_misc.c:510:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(stv.tv_sec * 1000000UL + stv.tv_usec);
data/ncrack-0.7+debian/nbase/nbase_misc.c:821:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pathname_len = strlen(pathname_buf);
data/ncrack-0.7+debian/nbase/nbase_rnd.c:230:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, seed + sizeof(*tv) + sizeof(*pid),
data/ncrack-0.7+debian/nbase/nbase_str.c:152:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needlelen = (unsigned int)strlen(pneedle);
data/ncrack-0.7+debian/nbase/nbase_str.c:184:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, n);
data/ncrack-0.7+debian/nbase/nbase_str.c:347:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = path + strlen(path) - 1;
data/ncrack-0.7+debian/nbase/nbase_str.c:372:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(result, path, i);
data/ncrack-0.7+debian/nbase/nbase_time.c:144:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
void usleep(unsigned long usec) {
data/ncrack-0.7+debian/nbase/snprintf.c:250:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width -= strlen((char *)arg);
data/ncrack-0.7+debian/nbase/strcasecmp.c:145:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp1 = safe_malloc(strlen(s1) + 1);
data/ncrack-0.7+debian/nbase/strcasecmp.c:146:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp2 = safe_malloc(strlen(s2) + 1);
data/ncrack-0.7+debian/nbase/strcasecmp.c:148:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(s1) + 1; i++)
data/ncrack-0.7+debian/nbase/strcasecmp.c:150:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(s2) + 1; i++)
data/ncrack-0.7+debian/nbase/strcasecmp.c:168:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp1 = safe_malloc(strlen(s1) + 1);
data/ncrack-0.7+debian/nbase/strcasecmp.c:169:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp2 = safe_malloc(strlen(s2) + 1);
data/ncrack-0.7+debian/nbase/strcasecmp.c:171:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(s1) + 1; i++)
data/ncrack-0.7+debian/nbase/strcasecmp.c:173:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(s2) + 1; i++)
data/ncrack-0.7+debian/nbase/test/test-escape_windows_command_arg.c:109:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(p);
data/ncrack-0.7+debian/nbase/test/test-escape_windows_command_arg.c:110:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/ncrack-0.7+debian/nbase/test/test-escape_windows_command_arg.c:115:12: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
return strncat(p, s, plen+slen);
data/ncrack-0.7+debian/ncrack.cc:349:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, "%127s %hu/%15s", servicename, &portno, proto) != 3)
data/ncrack-0.7+debian/ncrack.cc:403:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pathname_len = strlen(pathname_buf);
data/ncrack-0.7+debian/ncrack.cc:642:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = getc(inputfd)) != EOF) {
data/ncrack-0.7+debian/ncrack.cc:681:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg_len = strlen(arg);
data/ncrack-0.7+debian/ncrack.cc:743:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 2 && !strncmp(line, "\r\n", 2))
data/ncrack-0.7+debian/ncrack.cc:746:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = Strndup(line, strlen(line) - 1);
data/ncrack-0.7+debian/ncrack.cc:1010:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) >= 7 && !(strncmp(optarg, "socks4a", 7)))
data/ncrack-0.7+debian/ncrack.cc:1055:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = Strndup(optarg, strlen(optarg));
data/ncrack-0.7+debian/ncrack.cc:1062:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = Strndup(optarg, strlen(optarg));
data/ncrack-0.7+debian/ncrack.cc:1147:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = Strndup(optarg, strlen(optarg));
data/ncrack-0.7+debian/ncrack.cc:1155:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = Strndup(optarg, strlen(optarg));
data/ncrack-0.7+debian/ncrack_input.cc:174:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(inputfd)) != EOF) {
data/ncrack-0.7+debian/ncrack_input.cc:196:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(inputfd)) != EOF) {
data/ncrack-0.7+debian/ncrack_input.cc:211:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(inputfd)) != EOF) {
data/ncrack-0.7+debian/ncrack_input.cc:256:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(inputfd)) != EOF) {
data/ncrack-0.7+debian/ncrack_input.cc:266:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memsearch(buf, "port ", strlen(buf))) {
data/ncrack-0.7+debian/ncrack_input.cc:280:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(inputfd)) != EOF) {
data/ncrack-0.7+debian/ncrack_input.cc:433:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(inputfd)) != EOF) {
data/ncrack-0.7+debian/ncrack_input.cc:468:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(inputfd)) != EOF) {
data/ncrack-0.7+debian/ncrack_input.cc:531:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(inputfd)) != EOF) {
data/ncrack-0.7+debian/ncrack_input.cc:560:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(inputfd)) != EOF) {
data/ncrack-0.7+debian/ncrack_resume.cc:262:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(&path[strlen(path)], "\\.ncrack", sizeof(path) - strlen(path));
data/ncrack-0.7+debian/ncrack_resume.cc:262:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(&path[strlen(path)], "\\.ncrack", sizeof(path) - strlen(path));
data/ncrack-0.7+debian/ncrack_resume.cc:262:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(&path[strlen(path)], "\\.ncrack", sizeof(path) - strlen(path));
data/ncrack-0.7+debian/ncrack_resume.cc:327:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (!strlen(o.saved_argv[argiter])
data/ncrack-0.7+debian/ncrack_resume.cc:328:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| ((strlen(o.saved_argv[argiter]) == 1)
data/ncrack-0.7+debian/ncrack_resume.cc:332:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fwrite(BLANK_ENTRY, strlen(BLANK_ENTRY), 1, outfile) != 1)
data/ncrack-0.7+debian/ncrack_resume.cc:336:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fwrite(o.saved_argv[argiter], strlen(o.saved_argv[argiter]), 1,
data/ncrack-0.7+debian/ncrack_resume.cc:346:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(o.saved_argv[argiter], "--user", strlen(o.saved_argv[argiter]))
data/ncrack-0.7+debian/ncrack_resume.cc:347:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| !strncmp(o.saved_argv[argiter], "--pass", strlen(o.saved_argv[argiter])))
data/ncrack-0.7+debian/ncrack_resume.cc:392:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fwrite(vi->user, strlen(vi->user), 1, outfile) != 1)
data/ncrack-0.7+debian/ncrack_resume.cc:396:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fwrite(vi->pass, strlen(vi->pass), 1, outfile) != 1)
data/ncrack-0.7+debian/ncrack_resume.cc:477:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(ncrack_arg_buffer, "ncrack ", 7);
data/ncrack-0.7+debian/ncrack_resume.cc:493:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(*(*myargv+i), BLANK_ENTRY, strlen(BLANK_ENTRY))) {
data/ncrack-0.7+debian/ncrack_resume.cc:494:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(*(*myargv+i), '\0', strlen(BLANK_ENTRY));
data/ncrack-0.7+debian/ncrack_tty.cc:210:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
numChars = read(tty_fd, &c, 1);
data/ncrack-0.7+debian/nsock/include/nsock.h:87:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen((ptr)->sun_path))
data/ncrack-0.7+debian/nsock/src/nsock_connect.c:363:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nsi->hostname = (char *)safe_malloc(strlen(targetname));
data/ncrack-0.7+debian/nsock/src/nsock_connect.c:364:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nsi->hostname, targetname, strlen(targetname));
data/ncrack-0.7+debian/nsock/src/nsock_connect.c:364:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(nsi->hostname, targetname, strlen(targetname));
data/ncrack-0.7+debian/nsock/src/nsock_core.c:624:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buflen = read(iod->sd, buf, sizeof(buf));
data/ncrack-0.7+debian/nsock/src/nsock_core.c:1169:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/ncrack-0.7+debian/nsock/src/nsock_proxy.c:355:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(proxystr, pspec->prefix, strlen(pspec->prefix)) == 0) {
data/ncrack-0.7+debian/nsock/src/nsock_write.c:105:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datalen = (int) strlen(data);
data/ncrack-0.7+debian/nsock/src/nsock_write.c:143:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datalen = (int)strlen(data);
data/ncrack-0.7+debian/ntlmssp.cc:330:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(user) + 1;
data/ncrack-0.7+debian/ntlmssp.cc:332:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(domain);
data/ncrack-0.7+debian/ntlmssp.cc:340:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(userdomain) - 1; i >=0; i--) {
data/ncrack-0.7+debian/ntlmssp.cc:354:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
userdomain_len = strlen(userdomain);
data/ncrack-0.7+debian/ntlmssp.cc:509:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domain_len = strlen(auth_data->domain);
data/ncrack-0.7+debian/ntlmssp.cc:526:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user_len = strlen(auth_data->user);
data/ncrack-0.7+debian/ntlmssp.cc:539:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
workstation_len = strlen(auth_data->workstation);
data/ncrack-0.7+debian/opensshlib/addrmatch.c:469:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > INET6_ADDRSTRLEN + 3) {
data/ncrack-0.7+debian/opensshlib/addrmatch.c:476:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) {
data/ncrack-0.7+debian/opensshlib/arc4random.c:95:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, s + o, len - o);
data/ncrack-0.7+debian/opensshlib/blowfish.c:685:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blf_key(&c, (u_int8_t *) key2, strlen(key2));
data/ncrack-0.7+debian/opensshlib/bsd-misc.c:176:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
int usleep(unsigned int useconds)
data/ncrack-0.7+debian/opensshlib/bsd-misc.c:258:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/ncrack-0.7+debian/opensshlib/bsd-misc.h:86:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
int usleep(unsigned int useconds);
data/ncrack-0.7+debian/opensshlib/bsd-snprintf.c:438:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(strvalue);
data/ncrack-0.7+debian/opensshlib/cipher.c:139:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(c->name);
data/ncrack-0.7+debian/opensshlib/cipher.c:493:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passphrase, strlen(passphrase),
data/ncrack-0.7+debian/opensshlib/compat.c:271:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_append(&b, cp, strlen(cp));
data/ncrack-0.7+debian/opensshlib/fe25519.c:16:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static crypto_uint32 equal(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */
data/ncrack-0.7+debian/opensshlib/fe25519.c:87:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
crypto_uint32 m = equal(r->v[31],127);
data/ncrack-0.7+debian/opensshlib/fe25519.c:89:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
m &= equal(r->v[i],255);
data/ncrack-0.7+debian/opensshlib/fe25519.c:123:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
r = equal(t.v[0],0);
data/ncrack-0.7+debian/opensshlib/fe25519.c:125:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
r &= equal(t.v[i],0);
data/ncrack-0.7+debian/opensshlib/ge25519.c:152:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static unsigned char equal(signed char b,signed char c)
data/ncrack-0.7+debian/opensshlib/ge25519.c:175:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1));
data/ncrack-0.7+debian/opensshlib/ge25519.c:175:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1));
data/ncrack-0.7+debian/opensshlib/ge25519.c:176:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2));
data/ncrack-0.7+debian/opensshlib/ge25519.c:176:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2));
data/ncrack-0.7+debian/opensshlib/ge25519.c:177:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3));
data/ncrack-0.7+debian/opensshlib/ge25519.c:177:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3));
data/ncrack-0.7+debian/opensshlib/ge25519.c:178:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4));
data/ncrack-0.7+debian/opensshlib/hmac.c:190:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_test(key1, sizeof(key1), data1, strlen(data1), dig1, sizeof(dig1));
data/ncrack-0.7+debian/opensshlib/hmac.c:191:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_test(key2, strlen(key2), data2, strlen(data2), dig2, sizeof(dig2));
data/ncrack-0.7+debian/opensshlib/hmac.c:191:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_test(key2, strlen(key2), data2, strlen(data2), dig2, sizeof(dig2));
data/ncrack-0.7+debian/opensshlib/kex.c:239:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(k->name);
data/ncrack-0.7+debian/opensshlib/kex.c:301:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(b) > 1024*1024)
data/ncrack-0.7+debian/opensshlib/kex.c:303:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(a) + strlen(b) + 2;
data/ncrack-0.7+debian/opensshlib/kex.c:303:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(a) + strlen(b) + 2;
data/ncrack-0.7+debian/opensshlib/log.c:464:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)write(log_stderr_fd, msgbuf, strlen(msgbuf));
data/ncrack-0.7+debian/opensshlib/mac.c:96:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(m->name);
data/ncrack-0.7+debian/opensshlib/match.c:124:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int i, subi, len = strlen(pattern);
data/ncrack-0.7+debian/opensshlib/match.c:267:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(c) : (u_int)(cp - c);
data/ncrack-0.7+debian/opensshlib/match.c:275:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*next = strlen(c);
data/ncrack-0.7+debian/opensshlib/misc.c:192:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(*s, *s + 1, strlen(*s)); /* move nul too */
data/ncrack-0.7+debian/opensshlib/misc.c:418:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = *cp + strlen(*cp); /* skip to end (see first case below) */
data/ncrack-0.7+debian/opensshlib/misc.c:441:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*host == '[' && host[strlen(host) - 1] == ']') {
data/ncrack-0.7+debian/opensshlib/misc.c:442:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host[strlen(host) - 1] = '\0';
data/ncrack-0.7+debian/opensshlib/misc.c:565:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pw->pw_dir);
data/ncrack-0.7+debian/opensshlib/misc.c:656:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
data/ncrack-0.7+debian/opensshlib/misc.c:662:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (fgetc(f) != '\n' && !feof(f))
data/ncrack-0.7+debian/opensshlib/moduli.c:639:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lp) < 14 || *lp == '!' || *lp == '#') {
data/ncrack-0.7+debian/opensshlib/port-net.c:68:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name, strlen(name)) == -1) {
data/ncrack-0.7+debian/opensshlib/port-net.c:89:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name, strlen(name)) == -1) {
data/ncrack-0.7+debian/opensshlib/sha2.c:92:32: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
data/ncrack-0.7+debian/opensshlib/ssh.c:434:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullhost[strlen(fullhost) - 1] = '\0';
data/ncrack-0.7+debian/opensshlib/ssh.c:585:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(022);
data/ncrack-0.7+debian/opensshlib/ssh.c:789:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(optarg) == 1)
data/ncrack-0.7+debian/opensshlib/ssh.c:969:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_append(&command, av[i], strlen(av[i]));
data/ncrack-0.7+debian/opensshlib/ssh.c:1129:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||
data/ncrack-0.7+debian/opensshlib/ssh.c:1130:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssh_digest_update(md, host, strlen(host)) < 0 ||
data/ncrack-0.7+debian/opensshlib/ssh.c:1131:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
data/ncrack-0.7+debian/opensshlib/ssh.c:1132:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssh_digest_update(md, options.user, strlen(options.user)) < 0 ||
data/ncrack-0.7+debian/opensshlib/ssh.c:2038:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(pwname, strlen(pwname));
data/ncrack-0.7+debian/opensshlib/ssh.c:2040:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(pwdir, strlen(pwdir));
data/ncrack-0.7+debian/opensshlib/sshbuf-getput-basic.c:366:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sshbuf_put_string(buf, (u_char *)v, v == NULL ? 0 : strlen(v));
data/ncrack-0.7+debian/opensshlib/sshbuf-misc.c:120:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plen = strlen(b64);
data/ncrack-0.7+debian/opensshlib/sshconnect.c:557:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(client_version_string)) != strlen(client_version_string))
data/ncrack-0.7+debian/opensshlib/sshconnect.c:557:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(client_version_string)) != strlen(client_version_string))
data/ncrack-0.7+debian/opensshlib/sshconnect.c:571:34: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int remote_major, remote_minor, mismatch;
data/ncrack-0.7+debian/opensshlib/sshconnect.c:616:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = roaming_atomicio(read, connection_in, &buf[i], 1);
data/ncrack-0.7+debian/opensshlib/sshconnect.c:692:6: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (mismatch)
data/ncrack-0.7+debian/opensshlib/sshconnect.c:1204:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/ncrack-0.7+debian/opensshlib/sshconnect.c:1404:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = roundup(strlen(password) + 1, 32);
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:130:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen(avail) + 1;
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:918:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:950:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(info) > 0)
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:964:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:981:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:986:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(retype, strlen(retype));
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:990:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:1199:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(passphrase, strlen(passphrase));
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:1453:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > 0)
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:1455:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inst) > 0)
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:1479:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(response, strlen(response));
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:1803:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (authlist == NULL || strlen(authlist) == 0)
data/ncrack-0.7+debian/opensshlib/sshconnect2.c:1848:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_append(&b, method->name, strlen(method->name));
data/ncrack-0.7+debian/opensshlib/sshkey.c:221:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(kt->name);
data/ncrack-0.7+debian/opensshlib/sshkey.c:972:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plen = strlen(alg) + 1;
data/ncrack-0.7+debian/opensshlib/sshkey.c:997:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, rlen = dgst_raw_len * 3 + strlen(alg) + 2;
data/ncrack-0.7+debian/opensshlib/sshkey.c:1106:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(augmentation_string) - 1;
data/ncrack-0.7+debian/opensshlib/sshkey.c:1149:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = (r <= 0) ? 0 : strlen(title);
data/ncrack-0.7+debian/opensshlib/sshkey.c:1153:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hlen = (r <= 0) ? 0 : strlen(hash);
data/ncrack-0.7+debian/opensshlib/sshkey.c:1350:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*cpp = cp + strlen(cp);
data/ncrack-0.7+debian/opensshlib/sshkey.c:3127:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (passphrase == NULL || !strlen(passphrase)) {
data/ncrack-0.7+debian/opensshlib/sshkey.c:3157:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bcrypt_pbkdf(passphrase, strlen(passphrase),
data/ncrack-0.7+debian/opensshlib/sshkey.c:3224:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(b64); i++) {
data/ncrack-0.7+debian/opensshlib/sshkey.c:3254:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(b64, strlen(b64));
data/ncrack-0.7+debian/opensshlib/sshkey.c:3349:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((passphrase == NULL || strlen(passphrase) == 0) &&
data/ncrack-0.7+debian/opensshlib/sshkey.c:3388:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bcrypt_pbkdf(passphrase, strlen(passphrase), salt, slen,
data/ncrack-0.7+debian/opensshlib/sshkey.c:3591:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int blen, len = strlen(_passphrase);
data/ncrack-0.7+debian/opensshlib/strlcat.c:49:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(dlen + strlen(s));
data/ncrack-0.7+debian/opensshlib/xmalloc.c:101:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/ncrack-0.7+debian/output.cc:347:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int retlen = strlen(str) * 6 + 1;
data/ncrack-0.7+debian/output.cc:397:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(tbuf);
data/ncrack-0.7+debian/output.cc:405:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (char *) safe_realloc(ret, strlen(ret) + 1);
data/ncrack-0.7+debian/services.cc:167:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tot_len = strlen(exp);
data/ncrack-0.7+debian/services.cc:324:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vi->misc.path = Strndup(temp.misc.path, strlen(temp.misc.path)+1);
data/ncrack-0.7+debian/services.cc:328:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vi->misc.db = Strndup(temp.misc.db, strlen(temp.misc.db)+1);
data/ncrack-0.7+debian/services.cc:332:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vi->misc.domain = Strndup(temp.misc.domain, strlen(temp.misc.domain)+1);
data/ncrack-0.7+debian/services.cc:371:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
service->path = Strndup(temp.misc.path, strlen(temp.misc.path)+1);
data/ncrack-0.7+debian/services.cc:377:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
service->db = Strndup(temp.misc.db, strlen(temp.misc.db)+1);
data/ncrack-0.7+debian/services.cc:383:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
service->domain = Strndup(temp.misc.domain, strlen(temp.misc.domain)+1);
data/ncrack-0.7+debian/services.cc:423:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
service->path = Strndup(vi->misc.path, strlen(vi->misc.path));
data/ncrack-0.7+debian/services.cc:428:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
service->db = Strndup(vi->misc.db, strlen(vi->misc.db));
data/ncrack-0.7+debian/services.cc:433:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
service->domain = Strndup(vi->misc.domain, strlen(vi->misc.domain));
data/ncrack-0.7+debian/services.cc:693:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp->misc.path = Strndup(argval, strlen(argval));
data/ncrack-0.7+debian/services.cc:697:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp->misc.db = Strndup(argval, strlen(argval));
data/ncrack-0.7+debian/services.cc:699:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp->misc.domain = Strndup(argval, strlen(argval));
data/ncrack-0.7+debian/services.cc:769:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg_len = strlen(arg);
data/ncrack-0.7+debian/utils.cc:156:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needlelen = (unsigned int) strlen(pneedle);
data/ncrack-0.7+debian/utils.cc:190:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(string);
data/ncrack-0.7+debian/utils.cc:234:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ret, src, size);
data/ncrack-0.7+debian/utils.cc:587:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t unicode_length = (strlen(string) + 1) * 2;
data/ncrack-0.7+debian/utils.cc:589:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(unicode_length < strlen(string))
data/ncrack-0.7+debian/utils.cc:595:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i < strlen(string); i++)
data/ncrack-0.7+debian/utils.cc:610:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t unicode_length = (strlen(string) + 1) * 2;
data/ncrack-0.7+debian/utils.cc:612:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(unicode_length < strlen(string))
data/ncrack-0.7+debian/utils.cc:618:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i < strlen(string); i++)
data/ncrack-0.7+debian/utils.cc:670:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strbuf_append(buf, size, offset, s, strlen(s));
data/ncrack-0.7+debian/xml.cc:257:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(repl);
data/ncrack-0.7+debian/xml.cc:316:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(repl);
ANALYSIS SUMMARY:
Hits = 1341
Lines analyzed = 102113 in approximately 3.13 seconds (32589 lines/second)
Physical Source Lines of Code (SLOC) = 62268
Hits@level = [0] 379 [1] 532 [2] 611 [3] 27 [4] 169 [5] 2
Hits@level+ = [0+] 1720 [1+] 1341 [2+] 809 [3+] 198 [4+] 171 [5+] 2
Hits/KSLOC@level+ = [0+] 27.6225 [1+] 21.5359 [2+] 12.9922 [3+] 3.1798 [4+] 2.74619 [5+] 0.0321192
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.