Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/rman-3.2/contrib/http-rman.c Examining data/rman-3.2/rman.c FINAL RESULTS: data/rman-3.2/contrib/http-rman.c:172:9: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead. if (gets(buf)) { data/rman-3.2/contrib/http-rman.c:175:9: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead. while (gets(url) && url[0] != '\r') data/rman-3.2/contrib/http-rman.c:149:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "man %s %s | rman -r \"man?%%s?%%s\" -n %s -f html", data/rman-3.2/contrib/http-rman.c:152:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return system(buf); data/rman-3.2/contrib/http-rman.c:179:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(buf, "GET %s", url) == 1) { data/rman-3.2/contrib/http-rman.c:184:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "cat %s", sFrontpage); data/rman-3.2/contrib/http-rman.c:185:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(buf) == 0) data/rman-3.2/rman.c:343:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (q!=NULL) strcpy(q,p); data/rman-3.2/rman.c:405:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(r,text); data/rman-3.2/rman.c:519:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(/*$t insert end */ "\""); data/rman-3.2/rman.c:532:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(/*$t insert end */"{%s} sc \\n\n", cruft[i]); data/rman-3.2/rman.c:1266:43: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. case CHARBULLET: if (I>0 || !finlist) printf("·"/*"·"*//*§--middot hardly visible*/); data/rman-3.2/rman.c:1320:22: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf("<title>"); printf(manTitle, manName, manSect); printf("</title>\n"); data/rman-3.2/rman.c:1414:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. for (i=0; i<scnt-indent; i++) printf(" "/* */); /* ? */ data/rman-3.2/rman.c:1496:39: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (fmanRef) { printf("<a href='"); printf(href, manrefname, manrefsect); printf("'>"); } data/rman-3.2/rman.c:1737:45: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (fmanRef) { printf("<link linkend='"); printf(href, manrefname, manrefsect); printf("'>"); } data/rman-3.2/rman.c:2136:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf( data/rman-3.2/rman.c:2410:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf,la_buf); fla=0; data/rman-3.2/rman.c:2493:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(plain,p); data/rman-3.2/rman.c:2818:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(header,p); data/rman-3.2/rman.c:2820:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(head,phrase); headlen=phraselen; data/rman-3.2/rman.c:2823:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(header2,plain); data/rman-3.2/rman.c:2834:35: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (*header && scnt>MINMID) { strcpy(header3,p); ncnt=0; continue; } data/rman-3.2/rman.c:2866:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(footer,p); data/rman-3.2/rman.c:2869:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). /*grabphrase(p);*/ strcpy(foot,phrase); footlen=phraselen; data/rman-3.2/rman.c:2872:55: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). la_gets(buf); filterline(buf,plain); if (linelen) strcpy(footer2,plain); data/rman-3.2/rman.c:3276:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(q, reg[i].value); data/rman-3.2/rman.c:3341:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hitxt,r); data/rman-3.2/rman.c:3701:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(manName, p); data/rman-3.2/rman.c:3708:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(manSect, p!=NULL? p: "?"); data/rman-3.2/rman.c:3882:49: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(endig,".."); if (*p) { endig[0]='.'; strcpy(&endig[1],p); } data/rman-3.2/rman.c:3969:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(gz, "%s.gz", p); data/rman-3.2/rman.c:3976:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s -l \"%s\"", GZIP, gz); data/rman-3.2/rman.c:3977:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. proc = popen(cmd, "r"); data/rman-3.2/rman.c:3986:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s -dc \"%s\"", GZIP, gz); data/rman-3.2/rman.c:3987:12: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. proc = popen(cmd, "r"); data/rman-3.2/rman.c:4306:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(q, macroArg[j]); q += strlen(q); data/rman-3.2/rman.c:4332:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). q = malloc(strlen(cmd)+1); strcpy(q,cmd); data/rman-3.2/rman.c:4482:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (newv!=diffline2) { strcpy(diffline2,q); newv=diffline2; } data/rman-3.2/rman.c:4484:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&diffline2[lenq],q); lenq+=strlen(q); data/rman-3.2/rman.c:4752:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). case 'n': strcpy(manName,optarg); fname=1; break; /* name & section for when using stdin */ data/rman-3.2/rman.c:4753:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). case 's': strcpy(manSect,optarg); break; data/rman-3.2/rman.c:4791:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, optarg); /* string may not be in writable address space */ data/rman-3.2/rman.c:4837:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(manName,p); data/rman-3.2/rman.c:4841:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(manSect,p+1); data/rman-3.2/rman.c:4846:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(plain,argvch[optind]); data/rman-3.2/rman.c:4745:12: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c=getopt(argc,argvch,strgetopt))!=-1) { data/rman-3.2/contrib/http-rman.c:131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/rman-3.2/contrib/http-rman.c:159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/rman-3.2/contrib/http-rman.c:160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url[200]; data/rman-3.2/rman.c:130:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char diffline[MAXBUF]; data/rman-3.2/rman.c:131:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char diffline2[MAXBUF]; data/rman-3.2/rman.c:200:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char manName[80] = "man page"; data/rman-3.2/rman.c:201:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char manSect[10] = "1"; data/rman-3.2/rman.c:224:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXBUF]; data/rman-3.2/rman.c:225:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char plain[MAXBUF]; /* current text line with control characters stripped out */ data/rman-3.2/rman.c:226:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hitxt[MAXBUF]; /* highlighted text (available at time of BEGIN<highlight> signal */ data/rman-3.2/rman.c:228:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[MAXBUF]; /* complete line */ data/rman-3.2/rman.c:229:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header2[MAXBUF]; /* SGIs have two lines of headers and footers */ data/rman-3.2/rman.c:230:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header3[MAXBUF]; /* GNU and some others have a third! */ data/rman-3.2/rman.c:231:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char footer[MAXBUF]; data/rman-3.2/rman.c:232:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char footer2[MAXBUF]; data/rman-3.2/rman.c:234:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cruft[CRUFTS] = { header, header2, header3, footer, footer2 }; data/rman-3.2/rman.c:686:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *rebuspat[25]; data/rman-3.2/rman.c:2401:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char la_buf[MAXBUF]; /* can lookahead a full line, but nobody does now */ data/rman-3.2/rman.c:2459:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phrase[MAXBUF]; /* first "phrase" (space of >=3 spaces) */ data/rman-3.2/rman.c:2743:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char head[MAXBUF]=""; /* first "word" */ data/rman-3.2/rman.c:2744:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char foot[MAXBUF]=""; data/rman-3.2/rman.c:3163:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *macnotfound[MACROMAX]; data/rman-3.2/rman.c:3179:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const struct { char key[4]; unsigned char subst[4]; } spec[] = { data/rman-3.2/rman.c:3179:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const struct { char key[4]; unsigned char subst[4]; } spec[] = { data/rman-3.2/rman.c:3214:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tbl[20][20]; /* space enough for twenty description lines, twenty parts each */ data/rman-3.2/rman.c:3228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[MAXBUF]; data/rman-3.2/rman.c:3229:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[3]; data/rman-3.2/rman.c:3663:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *macroArg[9]; data/rman-3.2/rman.c:3664:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endig[10]; data/rman-3.2/rman.c:3671:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char if0[80], if1[80]; data/rman-3.2/rman.c:3674:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macrobuf[MAXBUF]; /* local so can have nested macros */ data/rman-3.2/rman.c:3836:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nif1=atoi(p); data/rman-3.2/rman.c:3882:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(endig,".."); if (*p) { endig[0]='.'; strcpy(&endig[1],p); } data/rman-3.2/rman.c:3953:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = open(p, O_RDONLY); data/rman-3.2/rman.c:3973:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/rman-3.2/rman.c:4653:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strgetopt[80]; data/rman-3.2/rman.c:4760:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 't': TabStops=atoi(optarg); break; data/rman-3.2/rman.c:4777:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). difffd = fopen(optarg, "r"); data/rman-3.2/rman.c:342:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = malloc(strlen(p)+1); /* +1 gives space for \0 that is not reported by strlen */ data/rman-3.2/rman.c:400:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(text!=NULL && strlen(text)>0); data/rman-3.2/rman.c:404:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = malloc(strlen(text)+1); if (r==NULL) return; data/rman-3.2/rman.c:2494:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q=&plain[strlen(p)]; data/rman-3.2/rman.c:3280:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q+=strlen(q); data/rman-3.2/rman.c:3488:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(subst[i].key); data/rman-3.2/rman.c:3955:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fid, sobuf, fileinfo.st_size) == fileinfo.st_size) { data/rman-3.2/rman.c:3968:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * gz = malloc(strlen(p)+3+1); data/rman-3.2/rman.c:3972:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * cmd = malloc(strlen(gz) + strlen(GZIP) + 7 + 1); data/rman-3.2/rman.c:3972:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * cmd = malloc(strlen(gz) + strlen(GZIP) + 7 + 1); data/rman-3.2/rman.c:4105:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strincmp(p,"center",strlen("center"))==0) { /* center entire table; should look for "left" and "right", probably */ data/rman-3.2/rman.c:4107:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p+=strlen("center"); while (isspace(*p)) p++; data/rman-3.2/rman.c:4110:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p[strlen(p)-1]==';') { tblc=0; continue; } /* HP has a prequel terminated by ';' */ data/rman-3.2/rman.c:4306:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(q, macroArg[j]); q += strlen(q); data/rman-3.2/rman.c:4332:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = malloc(strlen(cmd)+1); strcpy(q,cmd); data/rman-3.2/rman.c:4452:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (ungetc(fgetc(difffd),difffd)=='<') { fgetc(difffd); fgetc(difffd); } /* skip '<' */ data/rman-3.2/rman.c:4452:46: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (ungetc(fgetc(difffd),difffd)=='<') { fgetc(difffd); fgetc(difffd); } /* skip '<' */ data/rman-3.2/rman.c:4452:61: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (ungetc(fgetc(difffd),difffd)=='<') { fgetc(difffd); fgetc(difffd); } /* skip '<' */ data/rman-3.2/rman.c:4457:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p[strlen(p)-1]='\0'; /* fgets's \n ending => \0 */ data/rman-3.2/rman.c:4472:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenp=strlen(p); lenq=strlen(q); data/rman-3.2/rman.c:4472:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenp=strlen(p); lenq=strlen(q); data/rman-3.2/rman.c:4474:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(difffd); fgetc(difffd); /* skip '<' */ data/rman-3.2/rman.c:4474:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(difffd); fgetc(difffd); /* skip '<' */ data/rman-3.2/rman.c:4475:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (ungetc(fgetc(difffd),difffd)=='.') break; data/rman-3.2/rman.c:4477:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fgets(p, MAXBUF-lenp, difffd); p[strlen(p)-1]='\0'; lenp+=strlen(p); data/rman-3.2/rman.c:4477:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fgets(p, MAXBUF-lenp, difffd); p[strlen(p)-1]='\0'; lenp+=strlen(p); data/rman-3.2/rman.c:4484:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(&diffline2[lenq],q); lenq+=strlen(q); data/rman-3.2/rman.c:4489:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &p[strlen(oldv)]; q=&q[strlen(newv)]; data/rman-3.2/rman.c:4489:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &p[strlen(oldv)]; q=&q[strlen(newv)]; data/rman-3.2/rman.c:4505:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p)<15 || (shiftp=strchr(&p[15],' ') /*|| shiftp-p>30*/)==NULL) break; data/rman-3.2/rman.c:4705:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(strgetopt)>10); data/rman-3.2/rman.c:4758:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(manRef)==0 || strcmp(manRef,"-")==0 || strcmp(manRef,"off")==0) fmanRef=0; data/rman-3.2/rman.c:4790:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = malloc(strlen(optarg)+1); data/rman-3.2/rman.c:4797:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i=0; i<rebuspatcnt; i++) rebuspatlen[i] = strlen(rebuspat[i]); /* for strnlen() */ data/rman-3.2/rman.c:4804:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("rman"); helplen=strlen("rman"); data/rman-3.2/rman.c:4809:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). desclen = strlen(option[i].desc); ANALYSIS SUMMARY: Hits = 121 Lines analyzed = 5086 in approximately 0.18 seconds (27631 lines/second) Physical Source Lines of Code (SLOC) = 3607 Hits@level = [0] 443 [1] 36 [2] 38 [3] 1 [4] 44 [5] 2 Hits@level+ = [0+] 564 [1+] 121 [2+] 85 [3+] 47 [4+] 46 [5+] 2 Hits/KSLOC@level+ = [0+] 156.363 [1+] 33.5459 [2+] 23.5653 [3+] 13.0302 [4+] 12.753 [5+] 0.554477 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.