Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openvpn-auth-radius-2.1/UserPlugin.h
Examining data/openvpn-auth-radius-2.1/Exception.h
Examining data/openvpn-auth-radius-2.1/AcctScheduler.h
Examining data/openvpn-auth-radius-2.1/User.cpp
Examining data/openvpn-auth-radius-2.1/PluginContext.h
Examining data/openvpn-auth-radius-2.1/radiusplugin.h
Examining data/openvpn-auth-radius-2.1/UserAcct.cpp
Examining data/openvpn-auth-radius-2.1/UserAcct.h
Examining data/openvpn-auth-radius-2.1/Config.h
Examining data/openvpn-auth-radius-2.1/IpcSocket.cpp
Examining data/openvpn-auth-radius-2.1/Config.cpp
Examining data/openvpn-auth-radius-2.1/AuthenticationProcess.h
Examining data/openvpn-auth-radius-2.1/radiusplugin.cpp
Examining data/openvpn-auth-radius-2.1/AuthenticationProcess.cpp
Examining data/openvpn-auth-radius-2.1/UserPlugin.cpp
Examining data/openvpn-auth-radius-2.1/main.cpp
Examining data/openvpn-auth-radius-2.1/User.h
Examining data/openvpn-auth-radius-2.1/UserAuth.h
Examining data/openvpn-auth-radius-2.1/IpcSocket.h
Examining data/openvpn-auth-radius-2.1/AccountingProcess.h
Examining data/openvpn-auth-radius-2.1/openvpn-plugin.h
Examining data/openvpn-auth-radius-2.1/AcctScheduler.cpp
Examining data/openvpn-auth-radius-2.1/PluginContext.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusServer.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/vsa.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusServer.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/error.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/main.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/utilities/vsa.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/radius.h
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp
Examining data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp
Examining data/openvpn-auth-radius-2.1/Exception.cpp
Examining data/openvpn-auth-radius-2.1/UserAuth.cpp
Examining data/openvpn-auth-radius-2.1/AccountingProcess.cpp

FINAL RESULTS:

data/openvpn-auth-radius-2.1/AccountingProcess.cpp:486:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if(system(exe.c_str())!=0)
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:560:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ip3,ip2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:566:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ip3,ip2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:255:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ip3,ip2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:261:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ip3,ip2);
data/openvpn-auth-radius-2.1/UserAcct.cpp:716:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if(system(routestring)!=0)
data/openvpn-auth-radius-2.1/UserAcct.cpp:870:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if(system(routestring)!=0)
data/openvpn-auth-radius-2.1/main.cpp:109:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("rm acfuser*"); //remove the acf files
data/openvpn-auth-radius-2.1/main.cpp:172:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("rm acfuser*"); //remove the acf files
data/openvpn-auth-radius-2.1/main.cpp:245:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("rm acfuser*"); //remove the acf files
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:340:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char routes[user->getFramedRoutes().length()+1];
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:354:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:357:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+4,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:360:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+8,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:367:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:370:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:372:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buf+i, user->getUsername().c_str(),user->getUsername().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:378:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:381:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:383:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buf+i, user->getCommonname().c_str(),user->getCommonname().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:389:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:392:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:394:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buf+i, user->getFramedIp().c_str(),user->getFramedIp().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:400:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:403:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:405:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buf+i, user->getCallingStationId().c_str(),user->getCallingStationId().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:411:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:414:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:416:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buf+i, user->getUntrustedPort().c_str(),user->getUntrustedPort().length());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:425:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:428:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:430:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i, route, strlen(route));
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:435:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:438:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:440:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i, route, strlen(route));
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:448:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:451:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i,&value, 4);
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:453:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+i, user->getVsaBuf(),user->getVsaBufLen());
data/openvpn-auth-radius-2.1/AccountingProcess.cpp:471:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd_fifo=open(context->conf.getVsaNamedPipe().c_str(), O_RDWR | O_NONBLOCK);
data/openvpn-auth-radius-2.1/AcctScheduler.cpp:193:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[512], newline[512];
data/openvpn-auth-radius-2.1/AcctScheduler.cpp:219:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newline, line+key.length(), strlen(line)-key.length()+1);
data/openvpn-auth-radius-2.1/Config.cpp:87:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(configfile, ios::in);
data/openvpn-auth-radius-2.1/Config.cpp:159:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file2.open(filename.c_str(), ios::in);
data/openvpn-auth-radius-2.1/Config.h:44:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char subnet[16]; /**<The subnet which is assigned to the client in topology option.*/
data/openvpn-auth-radius-2.1/Config.h:45:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char p2p[16]; /**<The OpenVPN server address which is assigned to the client in topology p2p.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:156:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[MD5_DIGEST_LENGTH]; //The digest.
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:182:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, gcry_md_read(context, GCRY_MD_MD5), MD5_DIGEST_LENGTH);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:224:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, gcry_md_read(context, GCRY_MD_MD5), MD5_DIGEST_LENGTH);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:291:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpStr[20]; //An array to convert the datatype.
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:322:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  this->value[0]=(unsigned char)atoi(tmpStr);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:333:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  this->value[1]=(unsigned char)atoi(tmpStr);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:343:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  this->value[2]=(unsigned char)atoi(tmpStr);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:349:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  this->value[3]=(unsigned char)atoi(tmpStr);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:363:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value, value, strlen(value));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:380:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value, value, strlen(value));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:428:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value,&q,4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:439:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value, value, int(value[5])+4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:449:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value, value, strlen(value));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:475:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value, value, (this->length-2));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:497:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value,ra.value,ra.length-2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:507:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value,ra.value,ra.length-2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:534:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char num[11];
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:536:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(num,"%u",value);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:547:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip2[4],ip3[16];
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:554:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ip3,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:559:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(ip2,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:565:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ip2,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:84:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(configfile, ios::in);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:152:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmpServer->setAuthPort(atoi(line.substr(9,4).c_str()));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:156:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmpServer->setAcctPort(atoi(line.substr(9,4).c_str()));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:164:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmpServer->setRetry(atoi(line.substr(6).c_str()));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:172:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmpServer->setWait(atoi(line.substr(5).c_str()));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h:47:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serviceType[2]; /**<The service type which is set in the radius packet.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h:48:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char framedProtocol[2]; /**<The framed protocol which is set in the radius packet as an attribute.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h:49:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nasPortType[2]; /**<The nas port type which is set in radius packet.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h:50:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nasIdentifier[128]; /**<The nas identifier which is set in the radius packet.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.h:51:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nasIpAddress[16]; /**<The nas ipaddress which is set in the radius packet.*/
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:334:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->authenticator,recvbuffer+4,RADIUS_PACKET_AUTHENTICATOR_LEN);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:411:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->authenticator, this->req_authenticator, 16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:420:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)&(remoteServAddr.sin_addr.s_addr),h->h_addr_list[0],h->h_length);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:598:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->sendbuffer+4, gcry_md_read(context, GCRY_MD_MD5), 16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:599:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->authenticator, this->sendbuffer+4, 16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:630:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open("/dev/urandom",O_RDONLY);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:665:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cpy_recvpacket, this->recvbuffer, this->recvbufferlen);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:668:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cpy_recvpacket+4, this->sendbuffer+4, 16);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:115:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->id,&tmp_id,4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:159:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->id, v, 4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:166:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value, v+6, (int(this->length)-2));
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:184:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->id, ra.id, 4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:188:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value,ra.value,ra.length-2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:196:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->id, ra.id, 4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:199:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value,ra.value,ra.length-2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:214:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value,value,length);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:230:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->value,&tmp_value,4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:242:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip2[4],ip3[16];
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:249:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ip3,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:254:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ip2,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:260:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ip2,"%i",num);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:273:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp_str, this->value, this->length-2);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:284:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rvsa,this->id,4);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:285:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rvsa+4,&(this->type),1);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:286:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rvsa+5,&(this->length),1);
data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:287:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(rvsa+6, this->value,this->length-2); data/openvpn-auth-radius-2.1/User.cpp:86:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->vsabuf, u.vsabuf, this->vsabuflen); data/openvpn-auth-radius-2.1/User.cpp:118:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->vsabuf, u.vsabuf, this->vsabuflen); data/openvpn-auth-radius-2.1/User.cpp:276:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->vsabuf, value, len); data/openvpn-auth-radius-2.1/User.cpp:282:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(old_vsa, this->vsabuf, this->vsabuflen); data/openvpn-auth-radius-2.1/User.cpp:285:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->vsabuf, old_vsa, this->vsabuflen); data/openvpn-auth-radius-2.1/User.cpp:286:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((this->vsabuf+this->vsabuflen), value, len); data/openvpn-auth-radius-2.1/UserAcct.cpp:597:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char framedip[16]; data/openvpn-auth-radius-2.1/UserAcct.cpp:599:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char routestring[100]; data/openvpn-auth-radius-2.1/UserAcct.cpp:600:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framednetmask_cidr[3]; data/openvpn-auth-radius-2.1/UserAcct.cpp:601:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framedgw[16]; data/openvpn-auth-radius-2.1/UserAcct.cpp:602:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framedmetric[5]; data/openvpn-auth-radius-2.1/UserAcct.cpp:750:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framedip[16]; data/openvpn-auth-radius-2.1/UserAcct.cpp:752:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char routestring[100]; data/openvpn-auth-radius-2.1/UserAcct.cpp:753:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framednetmask_cidr[3]; data/openvpn-auth-radius-2.1/UserAcct.cpp:754:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framedgw[16]; data/openvpn-auth-radius-2.1/UserAcct.cpp:755:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framedmetric[5]; data/openvpn-auth-radius-2.1/UserAuth.cpp:310:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/openvpn-auth-radius-2.1/UserAuth.cpp:941:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d", vsa->intFromBuf()); data/openvpn-auth-radius-2.1/UserAuth.cpp:955:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buffer, "%d", vsa->intFromBuf()); data/openvpn-auth-radius-2.1/UserAuth.cpp:1487:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framedip[16]; data/openvpn-auth-radius-2.1/UserAuth.cpp:1488:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipstring[100]; data/openvpn-auth-radius-2.1/UserAuth.cpp:1492:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framedroutes[4096]; data/openvpn-auth-radius-2.1/UserAuth.cpp:1493:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framednetmask_cidr[3]; // ->/24 data/openvpn-auth-radius-2.1/UserAuth.cpp:1494:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framednetmask[16]; // ->255.255.255.0 data/openvpn-auth-radius-2.1/UserAuth.cpp:1495:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framedgw[16]; data/openvpn-auth-radius-2.1/UserAuth.cpp:1496:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char framedmetric[5]; //what is the biggest metric? data/openvpn-auth-radius-2.1/UserAuth.cpp:1518:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ccdfile.open(filename.c_str(),ios::out); data/openvpn-auth-radius-2.1/UserAuth.cpp:1570:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ip3, &ip2, 4); data/openvpn-auth-radius-2.1/UserAuth.cpp:1675:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). d2=atoi(framednetmask_cidr); data/openvpn-auth-radius-2.1/main.cpp:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *env1[10]; data/openvpn-auth-radius-2.1/main.cpp:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *env2[10]; data/openvpn-auth-radius-2.1/main.cpp:51:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *env3[10]; data/openvpn-auth-radius-2.1/main.cpp:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *env4[10]; data/openvpn-auth-radius-2.1/main.cpp:55:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[3]; data/openvpn-auth-radius-2.1/main.cpp:143:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else file1.open(get_env("auth_control_file", env1)); data/openvpn-auth-radius-2.1/main.cpp:149:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
else file2.open(get_env("auth_control_file", env2)); data/openvpn-auth-radius-2.1/main.cpp:154:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else file3.open(get_env("auth_control_file", env3)); data/openvpn-auth-radius-2.1/main.cpp:159:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else file4.open(get_env("auth_control_file", env4)); data/openvpn-auth-radius-2.1/main.cpp:216:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else file1.open(get_env("auth_control_file", env1)); data/openvpn-auth-radius-2.1/main.cpp:222:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else file2.open(get_env("auth_control_file", env2)); data/openvpn-auth-radius-2.1/main.cpp:227:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
else file3.open(get_env("auth_control_file", env3)); data/openvpn-auth-radius-2.1/main.cpp:232:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else file4.open(get_env("auth_control_file", env4)); data/openvpn-auth-radius-2.1/radiusplugin.cpp:82:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). context->setVerbosity ( atoi ( verb_string ) ); data/openvpn-auth-radius-2.1/radiusplugin.cpp:932:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[16]; data/openvpn-auth-radius-2.1/radiusplugin.cpp:933:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[33]; //The digest. data/openvpn-auth-radius-2.1/radiusplugin.cpp:952:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy ( digest, gcry_md_read ( context, GCRY_MD_MD5 ), 16 ); data/openvpn-auth-radius-2.1/radiusplugin.cpp:1199:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(filename.c_str(),ios::out); data/openvpn-auth-radius-2.1/AccountingProcess.cpp:341:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(routes, user->getFramedRoutes().c_str(), user->getFramedRoutes().length()); data/openvpn-auth-radius-2.1/AccountingProcess.cpp:345:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen=buflen+strlen(route)+2*sizeof(int); data/openvpn-auth-radius-2.1/AccountingProcess.cpp:348:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen=buflen+strlen(route)+2*sizeof(int); data/openvpn-auth-radius-2.1/AccountingProcess.cpp:419:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(routes, user->getFramedRoutes().c_str(), user->getFramedRoutes().length()); data/openvpn-auth-radius-2.1/AccountingProcess.cpp:427:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value = htonl(strlen(route)); data/openvpn-auth-radius-2.1/AccountingProcess.cpp:430:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memcpy(buf+i, route, strlen(route)); data/openvpn-auth-radius-2.1/AccountingProcess.cpp:431:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i=i+strlen(route); data/openvpn-auth-radius-2.1/AccountingProcess.cpp:437:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value = htonl(strlen(route)); data/openvpn-auth-radius-2.1/AccountingProcess.cpp:440:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(buf+i, route, strlen(route)); data/openvpn-auth-radius-2.1/AccountingProcess.cpp:441:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i=i+strlen(route); data/openvpn-auth-radius-2.1/AcctScheduler.cpp:219:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(newline, line+key.length(), strlen(line)-key.length()+1); data/openvpn-auth-radius-2.1/Config.cpp:349:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(this->subnet,ip, 16); data/openvpn-auth-radius-2.1/Config.cpp:366:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(this->p2p,ip, 16); data/openvpn-auth-radius-2.1/IpcSocket.cpp:151:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
size = read(this->socket, &num, sizeof(int)); data/openvpn-auth-radius-2.1/IpcSocket.cpp:177:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size = read(this->socket,&len,sizeof(ssize_t)); data/openvpn-auth-radius-2.1/IpcSocket.cpp:186:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size = read (this->socket, buffer, len); data/openvpn-auth-radius-2.1/IpcSocket.cpp:209:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size = read (this->socket,&len,sizeof(ssize_t)); data/openvpn-auth-radius-2.1/IpcSocket.cpp:218:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size = read (this->socket, user->getVsaBuf(), len); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:180:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gcry_md_write(context, sharedSecret, strlen(sharedSecret)); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:222:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gcry_md_write(context, sharedSecret, strlen(sharedSecret)); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:356:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(value)<16) data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:363:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memcpy(this->value, value, strlen(value)); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:369:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). passwordlen=((strlen(value)-(strlen(value)%16))/16); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:369:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). passwordlen=((strlen(value)-(strlen(value)%16))/16); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:371:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(value)%16)!=0) data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:380:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(this->value, value, strlen(value)); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:445:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!(this->value=new Octet [strlen(value)])) data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:449:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(this->value, value, strlen(value)); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:450:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
this->length=strlen(value); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:520:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(value,s.c_str(),s.size()); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:555:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ip3,"."); data/openvpn-auth-radius-2.1/RadiusClass/RadiusAttribute.cpp:561:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ip3,"."); data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:265:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(this->serviceType, type, 2); data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:279:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(this->framedProtocol, proto, 2); data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:296:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(this->nasPortType, type, 2); data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:312:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(this->nasIdentifier,identifier, 128); data/openvpn-auth-radius-2.1/RadiusClass/RadiusConfig.cpp:329:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(this->nasIpAddress,ip, 16); data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:596:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gcry_md_write(context, secret, strlen(secret)); data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:633:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, num, len); data/openvpn-auth-radius-2.1/RadiusClass/RadiusPacket.cpp:687:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gcry_md_write(context, secret, strlen(secret)); data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:208:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length=strlen(value); data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:250:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ip3,"."); data/openvpn-auth-radius-2.1/RadiusClass/RadiusVendorSpecificAttribute.cpp:256:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. strcat(ip3,"."); data/openvpn-auth-radius-2.1/UserAcct.cpp:612:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(framedroutes,this->getFramedRoutes().c_str(),this->getFramedRoutes().size()); data/openvpn-auth-radius-2.1/UserAcct.cpp:619:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len=strlen(route); data/openvpn-auth-radius-2.1/UserAcct.cpp:697:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(routestring, "route del -net ",15); data/openvpn-auth-radius-2.1/UserAcct.cpp:698:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(routestring, framedip ,16); data/openvpn-auth-radius-2.1/UserAcct.cpp:699:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(routestring, "/" ,1); data/openvpn-auth-radius-2.1/UserAcct.cpp:700:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(routestring, framednetmask_cidr, 2); data/openvpn-auth-radius-2.1/UserAcct.cpp:701:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(routestring, " gw ", 4); data/openvpn-auth-radius-2.1/UserAcct.cpp:702:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(routestring, framedgw, 16); data/openvpn-auth-radius-2.1/UserAcct.cpp:705:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(routestring, " metric ", 8); data/openvpn-auth-radius-2.1/UserAcct.cpp:706:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(routestring, framedmetric , 5); data/openvpn-auth-radius-2.1/UserAcct.cpp:709:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(routestring," 2> /dev/null",13); data/openvpn-auth-radius-2.1/UserAcct.cpp:765:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(framedroutes,this->getFramedRoutes().c_str(),this->getFramedRoutes().size()); data/openvpn-auth-radius-2.1/UserAcct.cpp:772:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len=strlen(route); data/openvpn-auth-radius-2.1/UserAcct.cpp:851:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(routestring, "route add -net ",15); data/openvpn-auth-radius-2.1/UserAcct.cpp:852:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(routestring, framedip ,16); data/openvpn-auth-radius-2.1/UserAcct.cpp:853:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(routestring, "/" ,1); data/openvpn-auth-radius-2.1/UserAcct.cpp:854:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(routestring, framednetmask_cidr, 2); data/openvpn-auth-radius-2.1/UserAcct.cpp:855:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
strncat(routestring, " gw ", 4); data/openvpn-auth-radius-2.1/UserAcct.cpp:856:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(routestring, framedgw, 16); data/openvpn-auth-radius-2.1/UserAcct.cpp:859:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(routestring, " metric ", 8); data/openvpn-auth-radius-2.1/UserAcct.cpp:860:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(routestring, framedmetric , 5); data/openvpn-auth-radius-2.1/UserAcct.cpp:863:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(routestring," 2> /dev/null",13); data/openvpn-auth-radius-2.1/UserAuth.cpp:1525:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(framedroutes,this->getFramedRoutes().c_str(),4095); data/openvpn-auth-radius-2.1/UserAuth.cpp:1538:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. 
  strncat(ipstring, "ifconfig-push ",14);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1539:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(ipstring, this->getFramedIp().c_str() , 15);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1540:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(ipstring, " ", 1);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1545:6: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(ipstring, context->conf.getSubnet() , 15);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1552:6: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(ipstring, context->conf.getP2p() , 15);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1572:6: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(ipstring, inet_ntoa(ip3), 15);
data/openvpn-auth-radius-2.1/UserAuth.cpp:1591:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len=strlen(route);
data/openvpn-auth-radius-2.1/main.cpp:141:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file1.read (&c1, 1);
data/openvpn-auth-radius-2.1/main.cpp:147:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file2.read (&c2, 1);
data/openvpn-auth-radius-2.1/main.cpp:152:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file3.read (&c3, 1);
data/openvpn-auth-radius-2.1/main.cpp:157:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file4.read(&c4, 1);
data/openvpn-auth-radius-2.1/main.cpp:214:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file1.read (&c1, 1);
data/openvpn-auth-radius-2.1/main.cpp:220:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file2.read (&c2, 1);
data/openvpn-auth-radius-2.1/main.cpp:225:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file3.read (&c3, 1);
data/openvpn-auth-radius-2.1/main.cpp:230:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file4.read(&c4, 1);
data/openvpn-auth-radius-2.1/radiusplugin.cpp:848:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int namelen = strlen ( name );

ANALYSIS SUMMARY:

Hits = 232
Lines analyzed = 17163 in approximately 0.51 seconds (33802 lines/second)
Physical Source Lines of Code (SLOC) = 9643
Hits@level = [0] 43 [1] 82 [2] 140 [3] 0 [4] 10 [5] 0
Hits@level+ = [0+] 275 [1+] 232 [2+] 150 [3+] 10 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 28.5181 [1+] 24.0589 [2+] 15.5553 [3+] 1.03702 [4+] 1.03702 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.