Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openvpn-auth-radius-2.1/UserPlugin.h
Examining data/openvpn-auth-radius-2.1/Exception.h
Examining data/openvpn-auth-radius-2.1/AcctScheduler.h
Examining data/openvpn-auth-radius-2.1/User.cpp
Examining data/openvpn-auth-radius-2.1/PluginContext.h
Examining data/openvpn-auth-radius-2.1/radiusplugin.h
Examining data/openvpn-auth-radius-2.1/UserAcct.cpp
Examining data/openvpn-auth-radius-2.1/UserAcct.h
Examining data/openvpn-auth-radius-2.1/Config.h
Examining data/openvpn-auth-radius-2.1/IpcSocket.cpp
Examining data/openvpn-auth-radius-2.1/Config.cpp
Examining data/openvpn-auth-radius-2.1/AuthenticationProcess.h
Examining data/openvpn-auth-radius-2.1/radiusplugin.cpp
Examining data/openvpn-auth-radius-2.1/AuthenticationProcess.cpp
Examining data/openvpn-auth-radius-2.1/UserPlugin.cpp
Examining data/openvpn-auth-radius-2.1/main.cpp
Examining data/openvpn-auth-radius-2.1/User.h
Examining data/openvpn-auth-radius-2.1/UserAuth.h
Examining data/openvpn-auth-radius-2.1/IpcSocket.h
Examining data/openvpn-auth-radius-2.1/AccountingProcess.h
Examining data/openvpn-auth-radius-2.1/openvpn-plugin.h
Examining data/openvpn-auth-radius-2.1/AcctScheduler.cpp
Examining data/openvpn-auth-radius-2.1/PluginContext.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusServer.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/vsa.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusServer.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/error.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/main.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/utilities/vsa.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/radius.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp
Examining data/openvpn-auth-radius-2.1/Exception.cpp
Examining data/openvpn-auth-radius-2.1/UserAuth.cpp
Examining data/openvpn-auth-radius-2.1/AccountingProcess.cpp
FINAL RESULTS:
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:486:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(system(exe.c_str())!=0)
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:560:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ip3,ip2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:566:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ip3,ip2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:255:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ip3,ip2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:261:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ip3,ip2);
data/openvpn-auth-radius-2.1/UserAcct.cpp:716:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(system(routestring)!=0)
data/openvpn-auth-radius-2.1/UserAcct.cpp:870:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(system(routestring)!=0)
data/openvpn-auth-radius-2.1/main.cpp:109:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("rm acfuser*"); //remove the acf files
data/openvpn-auth-radius-2.1/main.cpp:172:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("rm acfuser*"); //remove the acf files
data/openvpn-auth-radius-2.1/main.cpp:245:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("rm acfuser*"); //remove the acf files
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char routes[user->getFramedRoutes().length()+1];
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:354:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:357:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+4,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:360:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+8,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:367:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:370:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:372:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buf+i, user->getUsername().c_str(),user->getUsername().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:378:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:381:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buf+i, user->getCommonname().c_str(),user->getCommonname().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:389:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:392:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:394:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buf+i, user->getFramedIp().c_str(),user->getFramedIp().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:400:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:403:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:405:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buf+i, user->getCallingStationId().c_str(),user->getCallingStationId().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:411:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:414:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:416:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buf+i, user->getUntrustedPort().c_str(),user->getUntrustedPort().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:425:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:428:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:430:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i, route, strlen(route));
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:435:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:438:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:440:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i, route, strlen(route));
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:448:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:451:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:453:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+i, user->getVsaBuf(),user->getVsaBufLen());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:471:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd_fifo=open(context->conf.getVsaNamedPipe().c_str(), O_RDWR | O_NONBLOCK);
data/openvpn-auth-radius-2.1/AcctScheduler.cpp:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512], newline[512];
data/openvpn-auth-radius-2.1/AcctScheduler.cpp:219:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newline, line+key.length(), strlen(line)-key.length()+1);
data/openvpn-auth-radius-2.1/Config.cpp:87:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(configfile, ios::in);
data/openvpn-auth-radius-2.1/Config.cpp:159:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file2.open(filename.c_str(), ios::in);
data/openvpn-auth-radius-2.1/Config.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subnet[16]; /**<The subnet which is assigned to the client in topology option.*/
data/openvpn-auth-radius-2.1/Config.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p2p[16]; /**<The OpenVPN server address which is assigned to the client in topology p2p.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:156:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[MD5_DIGEST_LENGTH]; //The digest.
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, gcry_md_read(context, GCRY_MD_MD5), MD5_DIGEST_LENGTH);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:224:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, gcry_md_read(context, GCRY_MD_MD5), MD5_DIGEST_LENGTH);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpStr[20]; //An array to convert the datatype.
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:322:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
this->value[0]=(unsigned char)atoi(tmpStr);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:333:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
this->value[1]=(unsigned char)atoi(tmpStr);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:343:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
this->value[2]=(unsigned char)atoi(tmpStr);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:349:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
this->value[3]=(unsigned char)atoi(tmpStr);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:363:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value, value, strlen(value));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value, value, strlen(value));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:428:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value,&q,4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:439:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value, value, int(value[5])+4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:449:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value, value, strlen(value));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:475:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value, value, (this->length-2));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:497:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value,ra.value,ra.length-2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:507:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value,ra.value,ra.length-2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:534:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[11];
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:536:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%u",value);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:547:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip2[4],ip3[16];
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:554:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ip3,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:559:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ip2,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:565:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ip2,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:84:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(configfile, ios::in);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:152:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpServer->setAuthPort(atoi(line.substr(9,4).c_str()));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:156:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpServer->setAcctPort(atoi(line.substr(9,4).c_str()));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:164:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpServer->setRetry(atoi(line.substr(6).c_str()));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:172:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpServer->setWait(atoi(line.substr(5).c_str()));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serviceType[2]; /**<The service type which is set in the radius packet.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedProtocol[2]; /**<The framed protocol which is set in the radius packet as an attribute.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nasPortType[2]; /**<The nas port type which is set in radius packet.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nasIdentifier[128]; /**<The nas identifier which is set in the radius packet.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nasIpAddress[16]; /**<The nas ipaddress which is set in the radius packet.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:334:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->authenticator,recvbuffer+4,RADIUS_PACKET_AUTHENTICATOR_LEN);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:411:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->authenticator, this->req_authenticator, 16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:420:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)&(remoteServAddr.sin_addr.s_addr),h->h_addr_list[0],h->h_length);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:598:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->sendbuffer+4, gcry_md_read(context, GCRY_MD_MD5), 16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:599:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->authenticator, this->sendbuffer+4, 16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:630:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/urandom",O_RDONLY);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:665:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpy_recvpacket, this->recvbuffer, this->recvbufferlen);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:668:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpy_recvpacket+4, this->sendbuffer+4, 16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:115:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->id,&tmp_id,4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->id, v, 4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value, v+6, (int(this->length)-2));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:184:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->id, ra.id, 4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:188:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value,ra.value,ra.length-2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->id, ra.id, 4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:199:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value,ra.value,ra.length-2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:214:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value,value,length);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:230:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->value,&tmp_value,4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip2[4],ip3[16];
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:249:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ip3,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:254:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ip2,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:260:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ip2,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:273:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_str, this->value, this->length-2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:284:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvsa,this->id,4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:285:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvsa+4,&(this->type),1);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:286:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvsa+5,&(this->length),1);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:287:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvsa+6, this->value,this->length-2);
data/openvpn-auth-radius-2.1/User.cpp:86:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->vsabuf, u.vsabuf, this->vsabuflen);
data/openvpn-auth-radius-2.1/User.cpp:118:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->vsabuf, u.vsabuf, this->vsabuflen);
data/openvpn-auth-radius-2.1/User.cpp:276:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->vsabuf, value, len);
data/openvpn-auth-radius-2.1/User.cpp:282:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_vsa, this->vsabuf, this->vsabuflen);
data/openvpn-auth-radius-2.1/User.cpp:285:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->vsabuf, old_vsa, this->vsabuflen);
data/openvpn-auth-radius-2.1/User.cpp:286:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((this->vsabuf+this->vsabuflen), value, len);
data/openvpn-auth-radius-2.1/UserAcct.cpp:597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedip[16];
data/openvpn-auth-radius-2.1/UserAcct.cpp:599:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char routestring[100];
data/openvpn-auth-radius-2.1/UserAcct.cpp:600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framednetmask_cidr[3];
data/openvpn-auth-radius-2.1/UserAcct.cpp:601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedgw[16];
data/openvpn-auth-radius-2.1/UserAcct.cpp:602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedmetric[5];
data/openvpn-auth-radius-2.1/UserAcct.cpp:750:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedip[16];
data/openvpn-auth-radius-2.1/UserAcct.cpp:752:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char routestring[100];
data/openvpn-auth-radius-2.1/UserAcct.cpp:753:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framednetmask_cidr[3];
data/openvpn-auth-radius-2.1/UserAcct.cpp:754:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedgw[16];
data/openvpn-auth-radius-2.1/UserAcct.cpp:755:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedmetric[5];
data/openvpn-auth-radius-2.1/UserAuth.cpp:310:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[50];
data/openvpn-auth-radius-2.1/UserAuth.cpp:941:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%d", vsa->intFromBuf());
data/openvpn-auth-radius-2.1/UserAuth.cpp:955:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%d", vsa->intFromBuf());
data/openvpn-auth-radius-2.1/UserAuth.cpp:1487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedip[16];
data/openvpn-auth-radius-2.1/UserAuth.cpp:1488:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstring[100];
data/openvpn-auth-radius-2.1/UserAuth.cpp:1492:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedroutes[4096];
data/openvpn-auth-radius-2.1/UserAuth.cpp:1493:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framednetmask_cidr[3]; // ->/24
data/openvpn-auth-radius-2.1/UserAuth.cpp:1494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framednetmask[16]; // ->255.255.255.0
data/openvpn-auth-radius-2.1/UserAuth.cpp:1495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedgw[16];
data/openvpn-auth-radius-2.1/UserAuth.cpp:1496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framedmetric[5]; //what is the biggest metric?
data/openvpn-auth-radius-2.1/UserAuth.cpp:1518:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ccdfile.open(filename.c_str(),ios::out);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1570:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip3, &ip2, 4);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1675:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
d2=atoi(framednetmask_cidr);
data/openvpn-auth-radius-2.1/main.cpp:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *env1[10];
data/openvpn-auth-radius-2.1/main.cpp:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *env2[10];
data/openvpn-auth-radius-2.1/main.cpp:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *env3[10];
data/openvpn-auth-radius-2.1/main.cpp:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *env4[10];
data/openvpn-auth-radius-2.1/main.cpp:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[3];
data/openvpn-auth-radius-2.1/main.cpp:143:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else file1.open(get_env("auth_control_file", env1));
data/openvpn-auth-radius-2.1/main.cpp:149:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else file2.open(get_env("auth_control_file", env2));
data/openvpn-auth-radius-2.1/main.cpp:154:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else file3.open(get_env("auth_control_file", env3));
data/openvpn-auth-radius-2.1/main.cpp:159:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else file4.open(get_env("auth_control_file", env4));
data/openvpn-auth-radius-2.1/main.cpp:216:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else file1.open(get_env("auth_control_file", env1));
data/openvpn-auth-radius-2.1/main.cpp:222:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else file2.open(get_env("auth_control_file", env2));
data/openvpn-auth-radius-2.1/main.cpp:227:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else file3.open(get_env("auth_control_file", env3));
data/openvpn-auth-radius-2.1/main.cpp:232:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else file4.open(get_env("auth_control_file", env4));
data/openvpn-auth-radius-2.1/radiusplugin.cpp:82:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
context->setVerbosity ( atoi ( verb_string ) );
data/openvpn-auth-radius-2.1/radiusplugin.cpp:932:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/openvpn-auth-radius-2.1/radiusplugin.cpp:933:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[33]; //The digest.
data/openvpn-auth-radius-2.1/radiusplugin.cpp:952:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( digest, gcry_md_read ( context, GCRY_MD_MD5 ), 16 );
data/openvpn-auth-radius-2.1/radiusplugin.cpp:1199:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(filename.c_str(),ios::out);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:341:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(routes, user->getFramedRoutes().c_str(), user->getFramedRoutes().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:345:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen=buflen+strlen(route)+2*sizeof(int);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:348:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen=buflen+strlen(route)+2*sizeof(int);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:419:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(routes, user->getFramedRoutes().c_str(), user->getFramedRoutes().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:427:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value = htonl(strlen(route));
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:430:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf+i, route, strlen(route));
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:431:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i=i+strlen(route);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:437:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value = htonl(strlen(route));
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:440:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf+i, route, strlen(route));
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:441:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i=i+strlen(route);
data/openvpn-auth-radius-2.1/AcctScheduler.cpp:219:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(newline, line+key.length(), strlen(line)-key.length()+1);
data/openvpn-auth-radius-2.1/Config.cpp:349:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this->subnet,ip, 16);
data/openvpn-auth-radius-2.1/Config.cpp:366:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this->p2p,ip, 16);
data/openvpn-auth-radius-2.1/IpcSocket.cpp:151:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(this->socket, &num, sizeof(int));
data/openvpn-auth-radius-2.1/IpcSocket.cpp:177:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(this->socket,&len,sizeof(ssize_t));
data/openvpn-auth-radius-2.1/IpcSocket.cpp:186:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read (this->socket, buffer, len);
data/openvpn-auth-radius-2.1/IpcSocket.cpp:209:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read (this->socket,&len,sizeof(ssize_t));
data/openvpn-auth-radius-2.1/IpcSocket.cpp:218:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read (this->socket, user->getVsaBuf(), len);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:180:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gcry_md_write(context, sharedSecret, strlen(sharedSecret));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:222:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gcry_md_write(context, sharedSecret, strlen(sharedSecret));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:356:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(value)<16)
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:363:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(this->value, value, strlen(value));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:369:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwordlen=((strlen(value)-(strlen(value)%16))/16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:369:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwordlen=((strlen(value)-(strlen(value)%16))/16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:371:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(value)%16)!=0)
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:380:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(this->value, value, strlen(value));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:445:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(this->value=new Octet [strlen(value)]))
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:449:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(this->value, value, strlen(value));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:450:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
this->length=strlen(value);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:520:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(value,s.c_str(),s.size());
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:555:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ip3,".");
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:561:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ip3,".");
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:265:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this->serviceType, type, 2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:279:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this->framedProtocol, proto, 2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:296:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this->nasPortType, type, 2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:312:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this->nasIdentifier,identifier, 128);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:329:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this->nasIpAddress,ip, 16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:596:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gcry_md_write(context, secret, strlen(secret));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:633:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, num, len);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:687:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gcry_md_write(context, secret, strlen(secret));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:208:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length=strlen(value);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:250:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ip3,".");
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:256:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ip3,".");
data/openvpn-auth-radius-2.1/UserAcct.cpp:612:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(framedroutes,this->getFramedRoutes().c_str(),this->getFramedRoutes().size());
data/openvpn-auth-radius-2.1/UserAcct.cpp:619:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(route);
data/openvpn-auth-radius-2.1/UserAcct.cpp:697:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(routestring, "route del -net ",15);
data/openvpn-auth-radius-2.1/UserAcct.cpp:698:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(routestring, framedip ,16);
data/openvpn-auth-radius-2.1/UserAcct.cpp:699:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(routestring, "/" ,1);
data/openvpn-auth-radius-2.1/UserAcct.cpp:700:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(routestring, framednetmask_cidr, 2);
data/openvpn-auth-radius-2.1/UserAcct.cpp:701:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(routestring, " gw ", 4);
data/openvpn-auth-radius-2.1/UserAcct.cpp:702:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(routestring, framedgw, 16);
data/openvpn-auth-radius-2.1/UserAcct.cpp:705:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(routestring, " metric ", 8);
data/openvpn-auth-radius-2.1/UserAcct.cpp:706:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(routestring, framedmetric , 5);
data/openvpn-auth-radius-2.1/UserAcct.cpp:709:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(routestring," 2> /dev/null",13);
data/openvpn-auth-radius-2.1/UserAcct.cpp:765:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(framedroutes,this->getFramedRoutes().c_str(),this->getFramedRoutes().size());
data/openvpn-auth-radius-2.1/UserAcct.cpp:772:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(route);
data/openvpn-auth-radius-2.1/UserAcct.cpp:851:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(routestring, "route add -net ",15);
data/openvpn-auth-radius-2.1/UserAcct.cpp:852:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(routestring, framedip ,16);
data/openvpn-auth-radius-2.1/UserAcct.cpp:853:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(routestring, "/" ,1);
data/openvpn-auth-radius-2.1/UserAcct.cpp:854:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(routestring, framednetmask_cidr, 2);
data/openvpn-auth-radius-2.1/UserAcct.cpp:855:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(routestring, " gw ", 4);
data/openvpn-auth-radius-2.1/UserAcct.cpp:856:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(routestring, framedgw, 16);
data/openvpn-auth-radius-2.1/UserAcct.cpp:859:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(routestring, " metric ", 8);
data/openvpn-auth-radius-2.1/UserAcct.cpp:860:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(routestring, framedmetric , 5);
data/openvpn-auth-radius-2.1/UserAcct.cpp:863:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(routestring," 2> /dev/null",13);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1525:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(framedroutes,this->getFramedRoutes().c_str(),4095);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1538:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(ipstring, "ifconfig-push ",14);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1539:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ipstring, this->getFramedIp().c_str() , 15);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1540:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(ipstring, " ", 1);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1545:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ipstring, context->conf.getSubnet() , 15);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1552:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ipstring, context->conf.getP2p() , 15);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1572:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ipstring, inet_ntoa(ip3), 15);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1591:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(route);
data/openvpn-auth-radius-2.1/main.cpp:141:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file1.read (&c1, 1);
data/openvpn-auth-radius-2.1/main.cpp:147:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file2.read (&c2, 1);
data/openvpn-auth-radius-2.1/main.cpp:152:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file3.read (&c3, 1);
data/openvpn-auth-radius-2.1/main.cpp:157:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file4.read(&c4, 1);
data/openvpn-auth-radius-2.1/main.cpp:214:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file1.read (&c1, 1);
data/openvpn-auth-radius-2.1/main.cpp:220:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file2.read (&c2, 1);
data/openvpn-auth-radius-2.1/main.cpp:225:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file3.read (&c3, 1);
data/openvpn-auth-radius-2.1/main.cpp:230:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file4.read(&c4, 1);
data/openvpn-auth-radius-2.1/radiusplugin.cpp:848:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int namelen = strlen ( name );
ANALYSIS SUMMARY:
Hits = 232
Lines analyzed = 17163 in approximately 0.51 seconds (33802 lines/second)
Physical Source Lines of Code (SLOC) = 9643
Hits@level = [0] 43 [1] 82 [2] 140 [3] 0 [4] 10 [5] 0
Hits@level+ = [0+] 275 [1+] 232 [2+] 150 [3+] 10 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 28.5181 [1+] 24.0589 [2+] 15.5553 [3+] 1.03702 [4+] 1.03702 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.