Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pidgin-librvp-0.9.7cvs/compat.h
Examining data/pidgin-librvp-0.9.7cvs/digest_access_auth.c
Examining data/pidgin-librvp-0.9.7cvs/digest_access_auth.h
Examining data/pidgin-librvp-0.9.7cvs/getntlm.c
Examining data/pidgin-librvp-0.9.7cvs/random.c
Examining data/pidgin-librvp-0.9.7cvs/random.h
Examining data/pidgin-librvp-0.9.7cvs/rvp.c
Examining data/pidgin-librvp-0.9.7cvs/rvp.h
FINAL RESULTS:
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:91:39: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
cnonce = g_strdup_printf( "%x%u%x", g_random_int(), (int)time( NULL ),
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:92:29: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
g_random_int() );
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:39:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy( buf, buffer, 16 ); /* MD5 length == 16 */
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:70:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &bits[1][0], &bits[1][1],
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:124:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( &a1[i * 2], "%02x", (guint8)a1_b[i] );
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:128:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &a1[32], g_hash_table_lookup( params, "nonce" ),
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:130:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &a1[32 + strlen( g_hash_table_lookup( params, "nonce" ) )], cnonce,
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:208:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( &hexresp[i * 2], "%02x", (guint8)response[i] );
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:256:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( &hexresp[i * 2], "%02x", (guint8)response[i] );
data/pidgin-librvp-0.9.7cvs/getntlm.c:266:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/pidgin-librvp-0.9.7cvs/getntlm.c:285:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, in, n);
data/pidgin-librvp-0.9.7cvs/getntlm.c:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_bits[64];
data/pidgin-librvp-0.9.7cvs/getntlm.c:326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_bits[64];
data/pidgin-librvp-0.9.7cvs/getntlm.c:402:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_key[8];
data/pidgin-librvp-0.9.7cvs/getntlm.c:405:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp,challenge,8);
data/pidgin-librvp-0.9.7cvs/getntlm.c:409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp+8,challenge,8);
data/pidgin-librvp-0.9.7cvs/getntlm.c:413:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp+16,challenge,8);
data/pidgin-librvp-0.9.7cvs/getntlm.c:422:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[1024];
data/pidgin-librvp-0.9.7cvs/getntlm.c:433:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char challenge[8];
data/pidgin-librvp-0.9.7cvs/getntlm.c:434:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char auth[1024];
data/pidgin-librvp-0.9.7cvs/getntlm.c:435:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nt_pw[128];
data/pidgin-librvp-0.9.7cvs/getntlm.c:436:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nt_hpw[22];
data/pidgin-librvp-0.9.7cvs/getntlm.c:437:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lm_hpw[22];
data/pidgin-librvp-0.9.7cvs/getntlm.c:439:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lm_key[8];
data/pidgin-librvp-0.9.7cvs/getntlm.c:440:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nt_resp[25];
data/pidgin-librvp-0.9.7cvs/getntlm.c:441:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lm_resp[25];
data/pidgin-librvp-0.9.7cvs/getntlm.c:442:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lm_pw[17];
data/pidgin-librvp-0.9.7cvs/getntlm.c:443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dom[64];
data/pidgin-librvp-0.9.7cvs/getntlm.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[64];
data/pidgin-librvp-0.9.7cvs/getntlm.c:445:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[64];
data/pidgin-librvp-0.9.7cvs/getntlm.c:460:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(challenge,&buffer[24],8);
data/pidgin-librvp-0.9.7cvs/getntlm.c:483:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lm_hpw,lm_magic,8);
data/pidgin-librvp-0.9.7cvs/getntlm.c:487:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lm_hpw+8,lm_magic,8);
data/pidgin-librvp-0.9.7cvs/getntlm.c:533:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( auth,"NTLMSSP\0", 8 ); /* protocol */
data/pidgin-librvp-0.9.7cvs/getntlm.c:628:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auth[i],dom,dom_len);
data/pidgin-librvp-0.9.7cvs/getntlm.c:630:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auth[i],user,user_len);
data/pidgin-librvp-0.9.7cvs/getntlm.c:632:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auth[i],host,host_len);
data/pidgin-librvp-0.9.7cvs/getntlm.c:634:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auth[i],lm_resp,24);
data/pidgin-librvp-0.9.7cvs/getntlm.c:636:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auth[i],nt_resp,24);
data/pidgin-librvp-0.9.7cvs/getntlm.c:639:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer,"NTLM ", 5);
data/pidgin-librvp-0.9.7cvs/getntlm.c:667:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( msg.signature, "NTLMSSP\0", 8 );
data/pidgin-librvp-0.9.7cvs/getntlm.c:686:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( blob, (unsigned char *)&msg, sizeof( struct _msg1 ));
data/pidgin-librvp-0.9.7cvs/getntlm.c:687:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &blob[sizeof( struct _msg1 )], host, hostlen );
data/pidgin-librvp-0.9.7cvs/getntlm.c:688:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &blob[sizeof( struct _msg1 ) + hostlen], domain, domlen );
data/pidgin-librvp-0.9.7cvs/getntlm.c:690:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buffer, "NTLM ", 5 );
data/pidgin-librvp-0.9.7cvs/rvp.c:78:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char HEX_ELM[17] = { '0','1','2','3','4','5','6','7',
data/pidgin-librvp-0.9.7cvs/rvp.c:168:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char answer[1024];
data/pidgin-librvp-0.9.7cvs/rvp.c:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/pidgin-librvp-0.9.7cvs/rvp.c:771:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
subs_id = atoi((gchar *)sid );
data/pidgin-librvp-0.9.7cvs/rvp.c:776:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi((gchar *)to );
data/pidgin-librvp-0.9.7cvs/rvp.c:1009:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(rd->defaultacl), &(rbuddy->acl), sizeof( guint16 ));
data/pidgin-librvp-0.9.7cvs/rvp.c:1281:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
target->subs_id = atoi( subs_id );
data/pidgin-librvp-0.9.7cvs/rvp.c:1287:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
time_t timeout = atol( lifetime );
data/pidgin-librvp-0.9.7cvs/rvp.c:1319:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
guint32 s = atoi( (gchar *)&val[i] );
data/pidgin-librvp-0.9.7cvs/rvp.c:1374:41: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rd->view_expiry = atol( (gchar *)to ) +
data/pidgin-librvp-0.9.7cvs/rvp.c:1378:40: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atol((gchar *)to ), to );
data/pidgin-librvp-0.9.7cvs/rvp.c:1389:33: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rd->view_id = atol( viewid );
data/pidgin-librvp-0.9.7cvs/rvp.c:1413:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
target->mobile_state = atoi((gchar *)v );
data/pidgin-librvp-0.9.7cvs/rvp.c:1781:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( inv->outbuffer, &hdr, 3 );
data/pidgin-librvp-0.9.7cvs/rvp.c:1948:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gint authcookie = atoi( auth[2] );
data/pidgin-librvp-0.9.7cvs/rvp.c:1995:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
realsize = atoi( &inv->inbuffer[4] );
data/pidgin-librvp-0.9.7cvs/rvp.c:2018:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi( &(inv->inbuffer[4] ));
data/pidgin-librvp-0.9.7cvs/rvp.c:2232:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cookie = atoi( cookiestr );
data/pidgin-librvp-0.9.7cvs/rvp.c:2271:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gaim_xfer_set_size( xfer, atoi( filesize ));
data/pidgin-librvp-0.9.7cvs/rvp.c:2380:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
invite->authcookie = atoi( auth );
data/pidgin-librvp-0.9.7cvs/rvp.c:2401:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi( port ), rvp_xfer_connect_callback, xfer );
data/pidgin-librvp-0.9.7cvs/rvp.c:2512:48: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
newopen = g_strdup_printf( "%sFACE='", open );
data/pidgin-librvp-0.9.7cvs/rvp.c:2513:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_free( open );
data/pidgin-librvp-0.9.7cvs/rvp.c:2617:57: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
newopen = g_strdup_printf( "%sCOLOR='#000000'", open );
data/pidgin-librvp-0.9.7cvs/rvp.c:2618:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_free( open );
data/pidgin-librvp-0.9.7cvs/rvp.c:2620:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
len = strlen( open );
data/pidgin-librvp-0.9.7cvs/rvp.c:2626:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open[ len - 6 ] = bits[b][clen + 2];
data/pidgin-librvp-0.9.7cvs/rvp.c:2629:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open[ len - 7 ] = bits[b][clen + 1];
data/pidgin-librvp-0.9.7cvs/rvp.c:2632:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open[ len - 4 ] = bits[b][clen];
data/pidgin-librvp-0.9.7cvs/rvp.c:2635:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open[ len - 5 ] = bits[b][clen - 1];
data/pidgin-librvp-0.9.7cvs/rvp.c:2638:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open[ len - 2 ] = bits[b][clen - 2];
data/pidgin-librvp-0.9.7cvs/rvp.c:2641:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open[ len - 3 ] = bits[b][clen - 3];
data/pidgin-librvp-0.9.7cvs/rvp.c:2649:57: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gaim_debug_misc( __FUNCTION__, "applying: %s>%s%s\n", open, mods, close );
data/pidgin-librvp-0.9.7cvs/rvp.c:2651:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
msgbody = g_strconcat( open, ">", mods, msg, close, NULL );
data/pidgin-librvp-0.9.7cvs/rvp.c:2652:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_free( open );
data/pidgin-librvp-0.9.7cvs/rvp.c:2977:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rvp_parse_invite( gc, buddy, (char *)parts[1] );
data/pidgin-librvp-0.9.7cvs/rvp.c:3099:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUF_LEN]; /* gaim requirement, alas */
data/pidgin-librvp-0.9.7cvs/rvp.c:3205:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rvpleconst char *emblems[4] = { NULL, NULL, NULL, NULL };
data/pidgin-librvp-0.9.7cvs/rvp.c:3270:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *emblems[4];
data/pidgin-librvp-0.9.7cvs/rvp.c:4293:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rb, dup->proto_data, sizeof( RVPBuddy ));
data/pidgin-librvp-0.9.7cvs/rvp.c:4627:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( args[1], content, content_length );
data/pidgin-librvp-0.9.7cvs/rvp.c:5091:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*content_len = atoi( &p[strlen( "Content-Length: " )]);
data/pidgin-librvp-0.9.7cvs/rvp.c:5299:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( cb, callback, strlen( callback ));
data/pidgin-librvp-0.9.7cvs/rvp.c:5566:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
( code = atoi( &gfd->response.header[9] )) > 99 && code < 1000 ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5949:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rd->subs_id = atoi( subs_id );
data/pidgin-librvp-0.9.7cvs/rvp.c:5959:28: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
time_t timeout = atol( lifetime );
data/pidgin-librvp-0.9.7cvs/rvp.c:6819:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (( buds = fopen( filename, "rb" )) != NULL ) {
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:54:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
auth_param = g_strsplit( &header[strlen( "Digest ")], ",", 0 );
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:71:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( bits[1] ) - 1 );
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:72:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bits[1][strlen( bits[1] ) - 1] = '\0';
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:74:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( bits[1][strlen( bits[1] ) - 1] == '"' ) {
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:75:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bits[1][strlen( bits[1] ) - 1 ] = '\0';
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:97:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append( &md5, (md5_byte_t *)user, strlen( user ));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:100:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( g_hash_table_lookup( params, "realm" )));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:102:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append( &md5, (md5_byte_t *)pass, strlen( pass ));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:112:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append( &md5, (md5_byte_t *)user, strlen( user ));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:115:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( g_hash_table_lookup( params, "realm" )));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:117:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append( &md5, (md5_byte_t *)pass, strlen( pass ));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:121:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a1 = g_malloc0( 32 + strlen( g_hash_table_lookup( params, "nonce" )) +
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:122:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( cnonce ) + 1 );
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:129:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( g_hash_table_lookup( params, "nonce" )));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:130:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy( &a1[32 + strlen( g_hash_table_lookup( params, "nonce" ) )], cnonce,
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:131:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( cnonce ));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:132:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a1[32 + strlen( g_hash_table_lookup( params, "nonce" ) ) + strlen( cnonce )] = '\0';
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:132:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a1[32 + strlen( g_hash_table_lookup( params, "nonce" ) ) + strlen( cnonce )] = '\0';
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:161:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append( &md5, (md5_byte_t *)a2, strlen( a2 ));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:172:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = 0; i < strlen( a1 ); i++ ) {
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:180:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append( &md5, (md5_byte_t *)g_hash_table_lookup( params, "nonce" ), strlen( g_hash_table_lookup( params, "nonce" ) ));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:184:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append( &md5, (md5_byte_t *)"00000001", strlen( "00000001" ));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:189:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append( &md5, (md5_byte_t *)cnonce, strlen( cnonce ));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:193:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append( &md5, (md5_byte_t *)g_hash_table_lookup( params, "qop" ), strlen( g_hash_table_lookup( params, "qop" ) ));
data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:243:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append( &md5, (md5_byte_t *)g_hash_table_lookup( params, "nonce" ), strlen( g_hash_table_lookup( params, "nonce" ) ));
data/pidgin-librvp-0.9.7cvs/getntlm.c:463:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0 ; i<strlen(passwd) ; i++ )
data/pidgin-librvp-0.9.7cvs/getntlm.c:469:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mdfour(nt_hpw, nt_pw, strlen(passwd)*2);
data/pidgin-librvp-0.9.7cvs/getntlm.c:477:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0 ; i<14 && i < strlen(passwd); i++ )
data/pidgin-librvp-0.9.7cvs/getntlm.c:497:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0 ; i < strlen(domain) ; i++ ) {
data/pidgin-librvp-0.9.7cvs/getntlm.c:507:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0 ; i < strlen(authid) ; i++ ) {
data/pidgin-librvp-0.9.7cvs/getntlm.c:514:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0 ; i < strlen(username) ; i++ ) {
data/pidgin-librvp-0.9.7cvs/getntlm.c:526:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0 ; i < strlen(hostname) ; i++ ) {
data/pidgin-librvp-0.9.7cvs/getntlm.c:664:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint hostlen = strlen( host );
data/pidgin-librvp-0.9.7cvs/getntlm.c:665:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint domlen = strlen( domain );
data/pidgin-librvp-0.9.7cvs/rvp.c:1095:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( headers[ i ] ) == 0 ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:1110:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key = g_ascii_strdown( bits[ 0 ], strlen( bits[ 0 ] ));
data/pidgin-librvp-0.9.7cvs/rvp.c:1318:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( (gchar *)&val[i] )) {
data/pidgin-librvp-0.9.7cvs/rvp.c:1664:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read( xfer->fd, &(inv->hdr[inv->hdrread]), sizeof( msnftphdr )
data/pidgin-librvp-0.9.7cvs/rvp.c:1695:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read( xfer->fd, *buffer, s );
data/pidgin-librvp-0.9.7cvs/rvp.c:1896:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( read( source, &(inv->inbuffer[ inv->inbuflen - 1 ]) , 1 ) > 0 ||
data/pidgin-librvp-0.9.7cvs/rvp.c:2035:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inv->outbuflen = strlen( inv->outbuffer );
data/pidgin-librvp-0.9.7cvs/rvp.c:2126:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inv->outbuflen = strlen( inv->outbuffer );
data/pidgin-librvp-0.9.7cvs/rvp.c:2452:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( msg ) == 0 ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:2460:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gsize read, written;
data/pidgin-librvp-0.9.7cvs/rvp.c:2461:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *converted = g_convert( msg, strlen( msg ), "UCS-2LE", "UTF-8", &read,
data/pidgin-librvp-0.9.7cvs/rvp.c:2461:76: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gchar *converted = g_convert( msg, strlen( msg ), "UCS-2LE", "UTF-8", &read,
data/pidgin-librvp-0.9.7cvs/rvp.c:2515:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( newopen );
data/pidgin-librvp-0.9.7cvs/rvp.c:2516:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newopen = g_realloc( newopen, len + strlen( bits[b] ) - 2 );
data/pidgin-librvp-0.9.7cvs/rvp.c:2517:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( c = 3; c < strlen( bits[b] ); c++ ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:2533:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( c = 3; c < strlen( bits[b] ); c++ ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:2620:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( open );
data/pidgin-librvp-0.9.7cvs/rvp.c:2621:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen( bits[ b ] ) - 3;
data/pidgin-librvp-0.9.7cvs/rvp.c:2771:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( "text/plain" ))) {
data/pidgin-librvp-0.9.7cvs/rvp.c:2773:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( contenttype ),
data/pidgin-librvp-0.9.7cvs/rvp.c:2789:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( "text/x-msmsgscontrol" ))) {
data/pidgin-librvp-0.9.7cvs/rvp.c:2792:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( "text/x-msmsgsinvite" ))) {
data/pidgin-librvp-0.9.7cvs/rvp.c:2795:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( "text/x-imleave" ))) {
data/pidgin-librvp-0.9.7cvs/rvp.c:2811:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sessid = memmove( sessid, &sessid[1], strlen( sessid ) - 1 );
data/pidgin-librvp-0.9.7cvs/rvp.c:2813:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( sessid[strlen( sessid ) - 2] == '}' ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:2814:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sessid[strlen( sessid ) - 2] = '\0';
data/pidgin-librvp-0.9.7cvs/rvp.c:4605:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node = xmlNewCDataBlock( doc, BAD_CAST msg, strlen( msg ));
data/pidgin-librvp-0.9.7cvs/rvp.c:5091:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*content_len = atoi( &p[strlen( "Content-Length: " )]);
data/pidgin-librvp-0.9.7cvs/rvp.c:5142:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gsize read, i;
data/pidgin-librvp-0.9.7cvs/rvp.c:5150:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read = strlen( gfud->request.webdata );
data/pidgin-librvp-0.9.7cvs/rvp.c:5151:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gfud->request.length = read;
data/pidgin-librvp-0.9.7cvs/rvp.c:5156:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bigbuf = g_malloc0( read * 2 );
data/pidgin-librvp-0.9.7cvs/rvp.c:5157:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for ( i = 0; i < read; i++ ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5162:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
"UTF-8", "UCS-2LE", &read,
data/pidgin-librvp-0.9.7cvs/rvp.c:5233:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( h ) > 0 ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5240:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( h ) > 0 ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5248:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( h ) > 0 ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5292:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( gfud->request.header ) - 2 +
data/pidgin-librvp-0.9.7cvs/rvp.c:5293:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( callback ) + 1 );
data/pidgin-librvp-0.9.7cvs/rvp.c:5299:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy( cb, callback, strlen( callback ));
data/pidgin-librvp-0.9.7cvs/rvp.c:5300:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cb[strlen( callback )] = '\0';
data/pidgin-librvp-0.9.7cvs/rvp.c:5325:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = write( sock, buf, strlen( buf ));
data/pidgin-librvp-0.9.7cvs/rvp.c:5326:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( rc != strlen( buf )) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5328:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( buf ));
data/pidgin-librvp-0.9.7cvs/rvp.c:5363:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( read( sock, &data, 1 ) > 0 || errno == EWOULDBLOCK ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5565:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( gfd->response.header ) >= 12 &&
data/pidgin-librvp-0.9.7cvs/rvp.c:5730:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( rd->domain != NULL && ( strlen( rd->domain ) > 0 )) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5782:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( hdr && strlen( hdr )) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5817:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( hdr && strlen( hdr )) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5887:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( p && !strncmp( p, "text/xml", strlen( "text/xml" ))) {
data/pidgin-librvp-0.9.7cvs/rvp.c:5909:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write( gfd->sock, reply, strlen( reply )); /* xxx blocking */
data/pidgin-librvp-0.9.7cvs/rvp.c:6684:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !strlen( authhost )) {
data/pidgin-librvp-0.9.7cvs/rvp.c:6702:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (( host == NULL || ( strlen( host ) == 0 ))) {
data/pidgin-librvp-0.9.7cvs/rvp.c:6870:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if ( line[0] == 'm' && strlen( filename ) > 6 &&
data/pidgin-librvp-0.9.7cvs/rvp.c:6874:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( line[ strlen( line ) - 1] == '\n' ) {
data/pidgin-librvp-0.9.7cvs/rvp.c:6875:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[ strlen( line ) - 1 ] = '\0';
ANALYSIS SUMMARY:
Hits = 182
Lines analyzed = 8789 in approximately 0.23 seconds (37472 lines/second)
Physical Source Lines of Code (SLOC) = 6281
Hits@level = [0] 2 [1] 90 [2] 90 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 184 [1+] 182 [2+] 92 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 29.2947 [1+] 28.9763 [2+] 14.6473 [3+] 0.318421 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.