Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pound-3.0/include/utarray.h
Examining data/pound-3.0/include/uthash.h
Examining data/pound-3.0/include/hpack.h
Examining data/pound-3.0/src/hpack.c
Examining data/pound-3.0/src/http2.c
Examining data/pound-3.0/src/http.c
Examining data/pound-3.0/src/config.c
Examining data/pound-3.0/src/backend.c
Examining data/pound-3.0/src/util.c
Examining data/pound-3.0/src/pound.c

FINAL RESULTS:

data/pound-3.0/include/uthash.h:526:29:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
#define HASH_OOPS(...) do { fprintf(stderr, __VA_ARGS__); exit(-1); } while (0)

data/pound-3.0/src/backend.c:59:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(request, msg);

data/pound-3.0/src/backend.c:583:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
        strcpy(client_addr, msg);

data/pound-3.0/src/config.c:41:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    vsnprintf(buf, MAXBUF, fmt, ap);

data/pound-3.0/src/http.c:97:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
        strcpy(addr, msg);

data/pound-3.0/src/http.c:239:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
        fprintf(f_client, fmt_body, code, reason, body);

data/pound-3.0/src/http.c:242:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
        fprintf(f_client, fmt_empty, code, reason);

data/pound-3.0/src/http.c:276:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
        strcpy(request, buf);

data/pound-3.0/src/util.c:41:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    vsnprintf(buf, MAXBUF - 1, fmt, ap);

data/pound-3.0/src/util.c:62:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    vsnprintf(buf, MAXBUF - 1, fmt, ap);

data/pound-3.0/src/config.c:617:20:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while((c_opt = getopt(argc, argv, "f:cvd:p:")) > 0)

data/pound-3.0/src/http.c:60:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
        n = random();

data/pound-3.0/src/http.c:108:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
        n = random();

data/pound-3.0/src/http.c:213:65:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    snprintf(private_name, NI_MAXHOST, "inproc://HTTP_%ld", random() % 10000);

data/pound-3.0/src/pound.c:128:12:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.
        if(chroot(global.root_jail)) {

data/pound-3.0/include/utarray.h:112:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  else { memcpy(_utarray_eltptr(a,(a)->i++), p, (a)->icd.sz); }; \

data/pound-3.0/include/utarray.h:140:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  else { memcpy(_utarray_eltptr(a,j), p, (a)->icd.sz); }; \

data/pound-3.0/include/utarray.h:159:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(_utarray_eltptr(a,j), _utarray_eltptr(w,0), \

data/pound-3.0/src/backend.c:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[MAXBUF + 1], request[MAXBUF + 1], *msg;

data/pound-3.0/src/backend.c:209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[MAXBUF], *method, *path, *authority, *cp, *tp, *ttp, request[MAXBUF];

data/pound-3.0/src/backend.c:219:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&FRAMESIZE, msg, sizeof(int));

data/pound-3.0/src/backend.c:226:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&TABSIZE, msg, sizeof(int));

data/pound-3.0/src/backend.c:233:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&headers, msg, sizeof(struct hpack_headerblock *));

data/pound-3.0/src/backend.c:286:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
        memcpy(&headers, msg, sizeof(struct hpack_headerblock *));

data/pound-3.0/src/backend.c:321:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf, "%d", reply_code);

data/pound-3.0/src/backend.c:488:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *msg, client_addr[NI_MAXHOST], *cp, *saveptr;

data/pound-3.0/src/backend.c:573:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
        memcpy(&http_ver, msg, sizeof(int));

data/pound-3.0/src/config.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[MAXBUF + 1];

data/pound-3.0/src/config.c:57:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    || (fin = fopen(fname, "r")) == NULL

data/pound-3.0/src/config.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char addr[NI_MAXHOST], port[NI_MAXSERV], redirect[NI_MAXHOST];

data/pound-3.0/src/config.c:144:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
                res.timeout = atoi(yaml_document_get_node(document, cur_pair->value)->data.scalar.value);

data/pound-3.0/src/config.c:147:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
                res.threads = atoi(yaml_document_get_node(document, cur_pair->value)->data.scalar.value);

data/pound-3.0/src/config.c:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char pat[MAXBUF];

data/pound-3.0/src/config.c:230:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
                svc->session = atoi(yaml_document_get_node(document, map_pair->value)->data.scalar.value);

data/pound-3.0/src/config.c:272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char addr[NI_MAXHOST], port[NI_MAXSERV];

data/pound-3.0/src/config.c:296:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
                res.client = atoi(yaml_document_get_node(document, map_pairs->value)->data.scalar.value);

data/pound-3.0/src/config.c:299:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
                res.threads = atoi(yaml_document_get_node(document, map_pairs->value)->data.scalar.value);

data/pound-3.0/src/config.c:373:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[NI_MAXHOST];

data/pound-3.0/src/config.c:484:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char addr[NI_MAXHOST], port[NI_MAXSERV];

data/pound-3.0/src/config.c:515:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
                res.client = atoi(yaml_document_get_node(document, map_pairs->value)->data.scalar.value);

data/pound-3.0/src/config.c:518:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
                res.threads = atoi(yaml_document_get_node(document, map_pairs->value)->data.scalar.value);

data/pound-3.0/src/config.c:631:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
            global.log_level = atoi(optarg);

data/pound-3.0/src/config.c:653:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if((f_in = fopen(f_conf, "r")) == NULL)

data/pound-3.0/src/config.c:683:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
        memcpy(&backends[i], be, sizeof(BACKEND));

data/pound-3.0/src/config.c:702:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
            memcpy(&http_listeners[i], http, sizeof(HTTP_LISTENER));

data/pound-3.0/src/hpack.c:90:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
	memcpy(res, ptr, size * (nmemb > oldnmemb? oldnmemb: nmemb));

data/pound-3.0/src/hpack.c:257:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
			memcpy(idbuf, id, sizeof(*id));

data/pound-3.0/src/hpack.c:517:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
		memcpy(str, ptr, (size_t)i);

data/pound-3.0/src/hpack.c:1034:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
		memcpy(buf->data, data, len);

data/pound-3.0/src/hpack.c:1082:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
	memcpy(buf->data + buf->wpos, data, len);

data/pound-3.0/src/http.c:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *msg, addr[NI_MAXHOST];

data/pound-3.0/src/http.c:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *msg, private_name[NI_MAXHOST], buf[MAXBUF], *method, *path;

data/pound-3.0/src/http.c:251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *msg, *headers[MAXHEADERS], private_name[NI_MAXHOST], request[MAXBUF], buf[MAXBUF];

data/pound-3.0/src/http.c:524:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *msg, peer_name[NI_MAXHOST], crt_buf[MAXBUF];

data/pound-3.0/src/pound.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[NI_MAXHOST], port[NI_MAXSERV], *msg;

data/pound-3.0/src/pound.c:119:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
        if((f_pid = fopen(global.pid, "w")) == NULL)

data/pound-3.0/src/util.c:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[MAXBUF];

data/pound-3.0/src/util.c:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[MAXBUF];

data/pound-3.0/src/util.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char be_addr[NI_MAXHOST];

data/pound-3.0/include/uthash.h:92:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define uthash_strlen(s) strlen(s)

data/pound-3.0/src/backend.c:89:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nn_send(s_listener, buf, strlen(buf), 0);

data/pound-3.0/src/backend.c:101:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nn_send(s_listener, buf, strlen(buf), 0);

data/pound-3.0/src/backend.c:114:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nn_send(s_listener, buf, strlen(buf), 0);

data/pound-3.0/src/backend.c:117:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    total += strlen(buf);

data/pound-3.0/src/backend.c:124:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nn_send(s_listener, be->add_header, strlen(be->add_header), 0);

data/pound-3.0/src/backend.c:127:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        total += strlen(be->add_header) + 2;

data/pound-3.0/src/backend.c:131:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nn_send(s_listener, buf, strlen(buf), 0);

data/pound-3.0/src/backend.c:132:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        total += strlen(buf);

data/pound-3.0/src/backend.c:150:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nn_send(s_listener, buf, strlen(buf), 0);

data/pound-3.0/src/backend.c:151:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
                total += strlen(buf);

data/pound-3.0/src/backend.c:174:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nn_send(s_listener, buf, strlen(buf), 0);

data/pound-3.0/src/backend.c:176:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
                total += strlen(buf);

data/pound-3.0/src/backend.c:324:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
            total += strlen(":status") + strlen(buf);

data/pound-3.0/src/backend.c:324:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
            total += strlen(":status") + strlen(buf);

data/pound-3.0/src/backend.c:330:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
        strncpy(buf, be->add_header, MAXBUF);

data/pound-3.0/src/backend.c:339:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        total += strlen(cp) + strlen(ttp);

data/pound-3.0/src/backend.c:339:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        total += strlen(cp) + strlen(ttp);

data/pound-3.0/src/backend.c:364:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        total += strlen(cp) + strlen(ttp);

data/pound-3.0/src/backend.c:364:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        total += strlen(cp) + strlen(ttp);

data/pound-3.0/src/backend.c:454:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        total += strlen(cp) + strlen(ttp);

data/pound-3.0/src/backend.c:454:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        total += strlen(cp) + strlen(ttp);

data/pound-3.0/src/config.c:138:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
                strncpy(addr, yaml_document_get_node(document, cur_pair->value)->data.scalar.value, NI_MAXHOST);

data/pound-3.0/src/config.c:141:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
                strncpy(port, yaml_document_get_node(document, cur_pair->value)->data.scalar.value, NI_MAXSERV);

data/pound-3.0/src/config.c:152:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if(strlen(res.add_header) == 0)

data/pound-3.0/src/config.c:290:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
                strncpy(addr, yaml_document_get_node(document, map_pairs->value)->data.scalar.value, NI_MAXHOST);

data/pound-3.0/src/config.c:293:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
                strncpy(port, yaml_document_get_node(document, map_pairs->value)->data.scalar.value, NI_MAXSERV);

data/pound-3.0/src/config.c:509:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
                strncpy(addr, yaml_document_get_node(document, map_pairs->value)->data.scalar.value, NI_MAXHOST);

data/pound-3.0/src/config.c:512:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
                strncpy(port, yaml_document_get_node(document, map_pairs->value)->data.scalar.value, NI_MAXSERV);

data/pound-3.0/src/hpack.c:304:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
	newsize = strlen(hdr->hdr_name) + strlen(hdr->hdr_value) + 32;

data/pound-3.0/src/hpack.c:304:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
	newsize = strlen(hdr->hdr_name) + strlen(hdr->hdr_value) + 32;

data/pound-3.0/src/hpack.c:336:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen(hdr->hdr_name) +

data/pound-3.0/src/hpack.c:337:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen(hdr->hdr_value) +

data/pound-3.0/src/hpack.c:800:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = strlen(str);

data/pound-3.0/src/hpack.c:931:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) != data_len) {

data/pound-3.0/src/http.c:123:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        HASH_ADD_KEYPTR(hh, sessions, cur->addr, strlen(cur->addr), cur);

data/pound-3.0/src/http.c:202:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nn_send(http->services[i]->sock_in, peer_name, strlen(peer_name) + 1, 0);

data/pound-3.0/src/http.c:216:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(nn_send(be->sock_in, private_name, strlen(private_name) + 1, 0) < 0) {

data/pound-3.0/src/http.c:240:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(fmt_body) + 1 + strlen(reason) + strlen(body);

data/pound-3.0/src/http.c:240:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(fmt_body) + 1 + strlen(reason) + strlen(body);

data/pound-3.0/src/http.c:240:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(fmt_body) + 1 + strlen(reason) + strlen(body);

data/pound-3.0/src/http.c:243:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(fmt_empty) + 1 + strlen(reason);

data/pound-3.0/src/http.c:243:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(fmt_empty) + 1 + strlen(reason);

data/pound-3.0/src/http.c:277:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(!strncasecmp(request, "CONNECT", strlen("CONNECT"))) {

data/pound-3.0/src/http.c:303:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
            fwrite(global.err405, 1, strlen(global.err405), f_client);

data/pound-3.0/src/http.c:316:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if(!strncasecmp(buf, "Upgrade:", strlen("Upgrade:"))) {

data/pound-3.0/src/http.c:320:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if(!strncasecmp(buf, "Connection:", strlen("Connection:"))) {

data/pound-3.0/src/http.c:402:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nn_send(s_private, peer_name, strlen(peer_name) + 1, 0);

data/pound-3.0/src/http.c:403:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nn_send(s_private, request, strlen(request) + 1, 0);

data/pound-3.0/src/http.c:407:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nn_send(s_private, crt_buf, strlen(crt_buf) + 1, 0);

data/pound-3.0/src/http.c:413:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nn_send(s_private, headers[i], strlen(headers[i]) + 1, 0);

data/pound-3.0/src/http.c:444:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nn_send(s_private, buf, strlen(buf) + 1, 0);

data/pound-3.0/src/http.c:448:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nn_send(s_private, buf, strlen(buf) + 1, 0);

data/pound-3.0/src/http2.c:98:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
        if((cin = getc(f)) == EOF)

data/pound-3.0/src/http2.c:181:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        rep.length = strlen(body);

data/pound-3.0/src/http2.c:513:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nn_send(as->s_be, peer_name, strlen(peer_name) + 1, 0);

data/pound-3.0/src/util.c:164:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(name, host_name, host_len);

ANALYSIS SUMMARY:

Hits = 116
Lines analyzed = 6105 in approximately 0.21 seconds (28718 lines/second)
Physical Source Lines of Code (SLOC) = 5065
Hits@level = [0]  47 [1]  57 [2]  44 [3]   5 [4]  10 [5]   0
Hits@level+ = [0+] 163 [1+] 116 [2+]  59 [3+]  15 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 32.1816 [1+] 22.9023 [2+] 11.6486 [3+] 2.9615 [4+] 1.97433 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.