Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/radsecproxy-1.8.2/tcp.h
Examining data/radsecproxy-1.8.2/radsecproxy.c
Examining data/radsecproxy-1.8.2/rewrite.c
Examining data/radsecproxy-1.8.2/fticks_hashmac.h
Examining data/radsecproxy-1.8.2/list.c
Examining data/radsecproxy-1.8.2/debug.h
Examining data/radsecproxy-1.8.2/tls.h
Examining data/radsecproxy-1.8.2/util.c
Examining data/radsecproxy-1.8.2/hostport.c
Examining data/radsecproxy-1.8.2/tests/t_rewrite.c
Examining data/radsecproxy-1.8.2/tests/t_resizeattr.c
Examining data/radsecproxy-1.8.2/tests/t_fticks.c
Examining data/radsecproxy-1.8.2/tests/t_rewrite_config.c
Examining data/radsecproxy-1.8.2/radmsg.h
Examining data/radsecproxy-1.8.2/fticks.c
Examining data/radsecproxy-1.8.2/udp.c
Examining data/radsecproxy-1.8.2/tlv11.c
Examining data/radsecproxy-1.8.2/hash.c
Examining data/radsecproxy-1.8.2/dtls.h
Examining data/radsecproxy-1.8.2/gconfig.h
Examining data/radsecproxy-1.8.2/tlscommon.c
Examining data/radsecproxy-1.8.2/debug.c
Examining data/radsecproxy-1.8.2/list.h
Examining data/radsecproxy-1.8.2/radsecproxy.h
Examining data/radsecproxy-1.8.2/tcp.c
Examining data/radsecproxy-1.8.2/fticks_hashmac.c
Examining data/radsecproxy-1.8.2/rewrite.h
Examining data/radsecproxy-1.8.2/main.c
Examining data/radsecproxy-1.8.2/hostport.h
Examining data/radsecproxy-1.8.2/util.h
Examining data/radsecproxy-1.8.2/tls.c
Examining data/radsecproxy-1.8.2/catgconf.c
Examining data/radsecproxy-1.8.2/radsecproxy-hash.c
Examining data/radsecproxy-1.8.2/dtls.c
Examining data/radsecproxy-1.8.2/tlscommon.h
Examining data/radsecproxy-1.8.2/gconfig.c
Examining data/radsecproxy-1.8.2/tlv11.h
Examining data/radsecproxy-1.8.2/hash.h
Examining data/radsecproxy-1.8.2/radmsg.c
Examining data/radsecproxy-1.8.2/udp.h
Examining data/radsecproxy-1.8.2/fticks.h

FINAL RESULTS:

data/radsecproxy-1.8.2/catgconf.c:33:3:  [4] (format) printf:
  If format
  strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(compact ? "%s=%s;" : "\t%s=%s\n", opt, val);

data/radsecproxy-1.8.2/debug.c:175:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "(%s) %s", tidbuf, format);

data/radsecproxy-1.8.2/debug.c:209:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(debug_file, format, ap);

data/radsecproxy-1.8.2/debug.c:240:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp, format);

data/radsecproxy-1.8.2/gconfig.c:140:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path, dir);

data/radsecproxy-1.8.2/gconfig.c:142:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path + strlen(dir) + 1, cfgpath);

data/radsecproxy-1.8.2/gconfig.c:528:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(optval, "%s %s", opt, val);

data/radsecproxy-1.8.2/radsecproxy.c:2127:6:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). Try using a library call that implements the same functionality if available.
  if (execlp(conf->dynamiclookupcommand, conf->dynamiclookupcommand, server->dynamiclookuparg, NULL) < 0)

data/radsecproxy-1.8.2/util.c:39:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(prefixfmt ? prefixfmt : "%s: ", prefix);

data/radsecproxy-1.8.2/util.c:41:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(charfmt ? charfmt : "%c", s[i]);

data/radsecproxy-1.8.2/catgconf.c:59:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "c")) != -1) {

data/radsecproxy-1.8.2/radsecproxy-hash.c:49:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "hk:")) != -1) {

data/radsecproxy-1.8.2/radsecproxy.c:2873:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "c:d:i:fpv")) != -1) {

data/radsecproxy-1.8.2/debug.c:88:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_file = fopen(debug_filepath, "a");

data/radsecproxy-1.8.2/debug.c:142:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_file = fopen(debug_filepath, "a");

data/radsecproxy-1.8.2/debug.c:162:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tidbuf, "%u", tid);

data/radsecproxy-1.8.2/debug.c:171:20:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  tmp += sprintf(tmp, "%02x", ptid[i]);

data/radsecproxy-1.8.2/dtls.c:165:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4], *rad;

data/radsecproxy-1.8.2/dtls.c:184:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rad, buf, 4);

data/radsecproxy-1.8.2/dtls.c:202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/dtls.c:255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/dtls.c:307:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/dtls.c:317:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmpsrvaddr, srcres, sizeof(struct addrinfo));

data/radsecproxy-1.8.2/dtls.c:385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[48];

data/radsecproxy-1.8.2/dtls.c:434:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4];

data/radsecproxy-1.8.2/dtls.c:443:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/dtls.c:500:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&params->addr, &from, sizeof(from));

data/radsecproxy-1.8.2/dtls.c:501:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&params->bind, &to, sizeof(to));

data/radsecproxy-1.8.2/fticks.c:133:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(macout, macin, 9);

data/radsecproxy-1.8.2/fticks.c:137:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(macout, macin, 9);

data/radsecproxy-1.8.2/fticks_hashmac.c:27:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *) out + iw, "%02x", hash[ir % SHA256_DIGEST_SIZE]);

data/radsecproxy-1.8.2/gconfig.c:114:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(path, "r");

data/radsecproxy-1.8.2/gconfig.c:255:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(line, cf->data + pos, i - pos);

data/radsecproxy-1.8.2/gconfig.c:264:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];

data/radsecproxy-1.8.2/gconfig.c:265:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *tokens[3], *s;

data/radsecproxy-1.8.2/hash.c:52:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->key, key, keylen);

data/radsecproxy-1.8.2/hostport.c:111:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  plen = atoi(slash + 1);

data/radsecproxy-1.8.2/hostport.c:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/radmsg.c:43:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->auth, auth, 16);

data/radsecproxy-1.8.2/radmsg.c:132:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(auth, authattr, 16);

data/radsecproxy-1.8.2/radmsg.c:139:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(authattr, auth, 16);

data/radsecproxy-1.8.2/radmsg.c:155:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[MD5_DIGEST_SIZE];

data/radsecproxy-1.8.2/radmsg.c:213:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p+2, tlv->v, tlv->l);

data/radsecproxy-1.8.2/radmsg.c:242:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, msg->auth, 16);

data/radsecproxy-1.8.2/radmsg.c:262:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->auth, buf + 4, 16);

data/radsecproxy-1.8.2/radmsg.c:317:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 4, rqauth, 16);

data/radsecproxy-1.8.2/radmsg.c:321:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 4, msg->auth, 16);

data/radsecproxy-1.8.2/radmsg.c:326:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 4, msg->auth, 16);

data/radsecproxy-1.8.2/radmsg.c:344:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  val = atoi(attrname);

data/radsecproxy-1.8.2/radmsg.c:357:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *vendor = atoi(attrname);

data/radsecproxy-1.8.2/radmsg.c:363:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *type = atoi(s + 1);

data/radsecproxy-1.8.2/radmsg.c:398:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(v, &vendor, 4);

data/radsecproxy-1.8.2/radsecproxy-hash.c:46:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mac[80+1];

data/radsecproxy-1.8.2/radsecproxy.c:558:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[MD5_DIGEST_SIZE], *input;

data/radsecproxy-1.8.2/radsecproxy.c:583:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(in, out, len);

data/radsecproxy-1.8.2/radsecproxy.c:592:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[MD5_DIGEST_SIZE];

data/radsecproxy-1.8.2/radsecproxy.c:643:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[MD5_DIGEST_SIZE];

data/radsecproxy-1.8.2/radsecproxy.c:645:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char plain[255];

data/radsecproxy-1.8.2/radsecproxy.c:684:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(text, plain, len);

data/radsecproxy-1.8.2/radsecproxy.c:913:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vendor, attr->v, 4);

data/radsecproxy-1.8.2/radsecproxy.c:983:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/radsecproxy.c:993:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *)logstationid, " stationid ");

data/radsecproxy-1.8.2/radsecproxy.c:997:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(logstationid + 11, stationid, 9);

data/radsecproxy-1.8.2/radsecproxy.c:1007:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(logstationid+11, "undisclosed");

data/radsecproxy-1.8.2/radsecproxy.c:1051:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/radsecproxy.c:1193:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/radsecproxy.c:1235:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/radsecproxy.c:1249:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rq->rqauth, msg->auth, 16);

data/radsecproxy-1.8.2/radsecproxy.c:1395:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/radsecproxy.c:1485:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attr->v+1, newsalt, 2);

data/radsecproxy-1.8.2/radsecproxy.c:1495:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->auth, rqout->rq->rqauth, 16);

data/radsecproxy-1.8.2/radsecproxy.c:1502:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attr->v, rqout->rq->origusername, strlen(rqout->rq->origusername));

data/radsecproxy-1.8.2/radsecproxy.c:2747:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **listenargs[RAD_PROTOCOUNT];

data/radsecproxy-1.8.2/radsecproxy.c:2748:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *sourcearg[RAD_PROTOCOUNT];

data/radsecproxy-1.8.2/radsecproxy.c:2930:2:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open("/dev/null", O_RDWR);

data/radsecproxy-1.8.2/radsecproxy.c:2967:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(pidfile, "w");

data/radsecproxy-1.8.2/rewrite.c:36:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  name = atoi(nameval);

data/radsecproxy-1.8.2/rewrite.c:43:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  name = atoi(s + 1);

data/radsecproxy-1.8.2/rewrite.c:49:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ival = atoi(s);

data/radsecproxy-1.8.2/rewrite.c:93:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  name = atoi(nameval);

data/radsecproxy-1.8.2/rewrite.c:149:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  vendor = atoi(nameval);

data/radsecproxy-1.8.2/rewrite.c:332:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vendor, attr->v, 4);

data/radsecproxy-1.8.2/rewrite.c:425:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attr->v + reslen, out + start, i - start);

data/radsecproxy-1.8.2/rewrite.c:427:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attr->v + reslen, in + pfield->rm_so, pfield->rm_eo - pfield->rm_so);

data/radsecproxy-1.8.2/rewrite.c:436:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attr->v + reslen, out + start, i - start);

data/radsecproxy-1.8.2/rewrite.c:506:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vendor, attr->v, 4);

data/radsecproxy-1.8.2/tcp.c:160:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4], *rad;

data/radsecproxy-1.8.2/tcp.c:179:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rad, buf, 4);

data/radsecproxy-1.8.2/tcp.c:242:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/tcp.c:277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/tcp.c:321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/tests/t_rewrite.c:429:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value2[254];

data/radsecproxy-1.8.2/tests/t_rewrite.c:435:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(value2+i, value, 20);

data/radsecproxy-1.8.2/tests/t_rewrite.c:437:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(value2+i, "and another13\0", 14);

data/radsecproxy-1.8.2/tls.c:254:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4], *rad;

data/radsecproxy-1.8.2/tls.c:273:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rad, buf, 4);

data/radsecproxy-1.8.2/tls.c:391:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/tls.c:432:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/tls.c:485:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/tlscommon.c:39:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];

data/radsecproxy-1.8.2/tlscommon.c:95:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, userdata, pwdlen);

data/radsecproxy-1.8.2/tlscommon.c:164:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &time, sizeof(time_t));

data/radsecproxy-1.8.2/tlscommon.c:165:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+sizeof(time_t), peer, SOCKADDRP_SIZE(peer));

data/radsecproxy-1.8.2/tlscommon.c:191:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cookie, &now.tv_sec, sizeof(time_t));

data/radsecproxy-1.8.2/tlscommon.c:192:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cookie + sizeof(time_t), result, resultlength);

data/radsecproxy-1.8.2/tlscommon.c:712:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrbuf[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/tlv11.c:30:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tlv->v, v, l);

data/radsecproxy-1.8.2/tlv11.c:102:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, tlv->v, tlv->l);

data/radsecproxy-1.8.2/udp.c:136:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4], *rad = NULL;

data/radsecproxy-1.8.2/udp.c:144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/udp.c:246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];

data/radsecproxy-1.8.2/udp.c:304:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&to, reply->from->addr, SOCKADDRP_SIZE(reply->from->addr));

data/radsecproxy-1.8.2/util.c:30:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(r, s, len);

data/radsecproxy-1.8.2/util.c:90:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&sa4.sin_addr, &sa6->sin6_addr.s6_addr[12], 4); data/radsecproxy-1.8.2/debug.c:174:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(tidbuf) + strlen(format) + 4); data/radsecproxy-1.8.2/debug.c:174:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(tidbuf) + strlen(format) + 4); data/radsecproxy-1.8.2/debug.c:205:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). timebuf[strlen(timebuf) - 1] = '\0'; data/radsecproxy-1.8.2/debug.c:237:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(format); data/radsecproxy-1.8.2/fticks.c:121:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy((char *) macout, "undisclosed", sizeof(macout) - 1); data/radsecproxy-1.8.2/fticks_hashmac.c:41:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sha256_update(&ctx, strlen((char *) in), in); data/radsecproxy-1.8.2/fticks_hashmac.c:49:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
hmac_sha256_set_key(&ctx, strlen((char *) key), key); data/radsecproxy-1.8.2/fticks_hashmac.c:50:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hmac_sha256_update(&ctx, strlen((char *) in), in); data/radsecproxy-1.8.2/fticks_hashmac.c:89:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). in_copy = calloc(1, strlen((const char *) in) + 1); data/radsecproxy-1.8.2/gconfig.c:135:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = malloc(strlen(dir) + strlen(cfgpath) + 2); data/radsecproxy-1.8.2/gconfig.c:135:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = malloc(strlen(dir) + strlen(cfgpath) + 2); data/radsecproxy-1.8.2/gconfig.c:141:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path[strlen(dir)] = '/'; data/radsecproxy-1.8.2/gconfig.c:142:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(path + strlen(dir) + 1, cfgpath); data/radsecproxy-1.8.2/gconfig.c:523:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
optval = malloc(strlen(opt) + strlen(val) + 2); data/radsecproxy-1.8.2/gconfig.c:523:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). optval = malloc(strlen(opt) + strlen(val) + 2); data/radsecproxy-1.8.2/radsecproxy.c:848:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(orig) != attr->l || memcmp(orig, attr->v, attr->l)) data/radsecproxy-1.8.2/radsecproxy.c:1011:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(logstationid+11, (char *)stationid, 128-12); data/radsecproxy-1.8.2/radsecproxy.c:1069:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attr = maketlv(RAD_Attr_Reply_Message, strlen(message), message); data/radsecproxy-1.8.2/radsecproxy.c:1498:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!resizeattr(attr, strlen(rqout->rq->origusername))) { data/radsecproxy-1.8.2/radsecproxy.c:1502:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(attr->v, rqout->rq->origusername, strlen(rqout->rq->origusername)); data/radsecproxy-1.8.2/radsecproxy.c:1909:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (value[strlen(value) - 1] == '/') data/radsecproxy-1.8.2/radsecproxy.c:1910:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value[strlen(value) - 1] = '\0'; data/radsecproxy-1.8.2/radsecproxy.c:1919:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). regex = malloc(strlen(value) + n + 3); data/radsecproxy-1.8.2/radsecproxy.c:1960:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (message && strlen(message) > 253) { data/radsecproxy-1.8.2/radsecproxy.c:2879:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(optarg) != 1 || *optarg < '1' || *optarg > '5') data/radsecproxy-1.8.2/rewrite.c:99:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s[strlen(s) - 1] == '/') data/radsecproxy-1.8.2/rewrite.c:100:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s[strlen(s) - 1] = '\0'; data/radsecproxy-1.8.2/rewrite.c:296:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!hash_insert(rewriteconfs, value, strlen(value), rewrite)) data/radsecproxy-1.8.2/rewrite.c:305:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((r = hash_read(rewriteconfs, alt1, strlen(alt1)))) data/radsecproxy-1.8.2/rewrite.c:308:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((r = hash_read(rewriteconfs, alt2, strlen(alt2)))) data/radsecproxy-1.8.2/tcp.c:150:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cnt = read(s, buf + len, num - len); data/radsecproxy-1.8.2/tests/t_rewrite.c:110:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(RAD_Attr_User_Name, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:111:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(RAD_Attr_User_Name, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:125:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:126:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(3, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:128:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
list_push(expectedattrs, maketlv(3, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:144:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:148:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:229:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(rewrite.addattrs, maketlv(1, strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:230:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:246:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(rewrite.addattrs, maketlv(1, strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:247:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(2, strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:250:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
list_push(expectedattrs, maketlv(2,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:252:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:298:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(rewrite.supattrs, maketlv(1, strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:299:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:315:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(rewrite.supattrs, maketlv(1, strlen(value2), value2)); data/radsecproxy-1.8.2/tests/t_rewrite.c:316:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:317:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:361:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
list_push(origattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:362:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:387:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:388:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1,strlen(value2), value2)); data/radsecproxy-1.8.2/tests/t_rewrite.c:413:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:414:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1,strlen(value2), value2)); data/radsecproxy-1.8.2/tests/t_rewrite.c:445:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:446:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
list_push(expectedattrs, maketlv(1,strlen(value2), value2)); data/radsecproxy-1.8.2/tests/t_rewrite.c:469:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:470:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:494:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1,strlen(value), value)); data/radsecproxy-1.8.2/tests/t_rewrite.c:495:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1,strlen(value2), value2)); data/radsecproxy-1.8.2/tests/t_rewrite.c:573:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:574:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(3, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:575:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
list_push(origattrs, makevendortlv(42, maketlv(1, strlen(username), username))); data/radsecproxy-1.8.2/tests/t_rewrite.c:577:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:596:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:648:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(1, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:649:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, maketlv(3, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:654:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(expectedattrs, maketlv(1, strlen(username), username)); data/radsecproxy-1.8.2/tests/t_rewrite.c:681:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). list_push(origattrs, makevendortlv(9,maketlv(102,strlen(value), value))); data/radsecproxy-1.8.2/tests/t_rewrite.c:682:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
list_push(expectedattrs, makevendortlv(9,maketlv(102,strlen(expect), expect))); data/radsecproxy-1.8.2/tlscommon.c:92:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int pwdlen = strlen(userdata); data/radsecproxy-1.8.2/tlscommon.c:437:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = hash_read(tlsconfs, alt1, strlen(alt1)); data/radsecproxy-1.8.2/tlscommon.c:439:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = hash_read(tlsconfs, alt2, strlen(alt2)); data/radsecproxy-1.8.2/tlscommon.c:649:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (l == strlen(exact) && !strncasecmp(exact, v, l)) data/radsecproxy-1.8.2/tlscommon.c:808:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!hash_insert(tlsconfs, val, strlen(val), conf)) { data/radsecproxy-1.8.2/tlscommon.c:859:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (v[strlen(v) - 1] == '/') data/radsecproxy-1.8.2/tlscommon.c:860:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
v[strlen(v) - 1] = '\0'; data/radsecproxy-1.8.2/util.c:26:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); ANALYSIS SUMMARY: Hits = 193 Lines analyzed = 11114 in approximately 0.31 seconds (35509 lines/second) Physical Source Lines of Code (SLOC) = 9259 Hits@level = [0] 120 [1] 79 [2] 101 [3] 3 [4] 10 [5] 0 Hits@level+ = [0+] 313 [1+] 193 [2+] 114 [3+] 13 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 33.8049 [1+] 20.8446 [2+] 12.3123 [3+] 1.40404 [4+] 1.08003 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.