Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruli-0.36/guile/guile_ruli.c
Examining data/ruli-0.36/guile/guile_ruli.h
Examining data/ruli-0.36/guile/ruli-guile.c
Examining data/ruli-0.36/java/src/jni/ruli_RuliSyncImp.c
Examining data/ruli-0.36/java/src/jni/ruli_RuliSyncImp.h
Examining data/ruli-0.36/lua/lua_ruli.c
Examining data/ruli-0.36/lua/lua_ruli.h
Examining data/ruli-0.36/perl/RULI/ppport.h
Examining data/ruli-0.36/php/ruli/php_ruli.c
Examining data/ruli-0.36/php/ruli/php_ruli.h
Examining data/ruli-0.36/sample/addrprint.c
Examining data/ruli-0.36/sample/addrprint.h
Examining data/ruli-0.36/sample/getaddrinfo.c
Examining data/ruli-0.36/sample/httpsearch.c
Examining data/ruli-0.36/sample/parse_options.c
Examining data/ruli-0.36/sample/parse_options.h
Examining data/ruli-0.36/sample/ruli-getaddrinfo.c
Examining data/ruli-0.36/sample/run_getaddrinfo.c
Examining data/ruli-0.36/sample/run_getaddrinfo.h
Examining data/ruli-0.36/sample/smtpsearch.c
Examining data/ruli-0.36/sample/srvsearch.c
Examining data/ruli-0.36/sample/stdout_srv_list.c
Examining data/ruli-0.36/sample/stdout_srv_list.h
Examining data/ruli-0.36/sample/sync_httpsearch.c
Examining data/ruli-0.36/sample/sync_smtpsearch.c
Examining data/ruli-0.36/sample/sync_srvsearch.c
Examining data/ruli-0.36/src/ruli.h
Examining data/ruli-0.36/src/ruli_addr.c
Examining data/ruli-0.36/src/ruli_addr.h
Examining data/ruli-0.36/src/ruli_conf.c
Examining data/ruli-0.36/src/ruli_conf.h
Examining data/ruli-0.36/src/ruli_fsm.c
Examining data/ruli-0.36/src/ruli_fsm.h
Examining data/ruli-0.36/src/ruli_getaddrinfo.c
Examining data/ruli-0.36/src/ruli_getaddrinfo.h
Examining data/ruli-0.36/src/ruli_host.c
Examining data/ruli-0.36/src/ruli_host.h
Examining data/ruli-0.36/src/ruli_http.c
Examining data/ruli-0.36/src/ruli_http.h
Examining data/ruli-0.36/src/ruli_isaac.c
Examining data/ruli-0.36/src/ruli_isaac.h
Examining data/ruli-0.36/src/ruli_limits.h
Examining data/ruli-0.36/src/ruli_list.c
Examining data/ruli-0.36/src/ruli_list.h
Examining data/ruli-0.36/src/ruli_mem.c
Examining data/ruli-0.36/src/ruli_mem.h
Examining data/ruli-0.36/src/ruli_msg.c
Examining data/ruli-0.36/src/ruli_msg.h
Examining data/ruli-0.36/src/ruli_oop.h
Examining data/ruli-0.36/src/ruli_parse.c
Examining data/ruli-0.36/src/ruli_parse.h
Examining data/ruli-0.36/src/ruli_rand.c
Examining data/ruli-0.36/src/ruli_rand.h
Examining data/ruli-0.36/src/ruli_res.c
Examining data/ruli-0.36/src/ruli_res.h
Examining data/ruli-0.36/src/ruli_search.c
Examining data/ruli-0.36/src/ruli_search.h
Examining data/ruli-0.36/src/ruli_smtp.c
Examining data/ruli-0.36/src/ruli_smtp.h
Examining data/ruli-0.36/src/ruli_sock.c
Examining data/ruli-0.36/src/ruli_sock.h
Examining data/ruli-0.36/src/ruli_srv.c
Examining data/ruli-0.36/src/ruli_srv.h
Examining data/ruli-0.36/src/ruli_sync.c
Examining data/ruli-0.36/src/ruli_sync.h
Examining data/ruli-0.36/src/ruli_txt.c
Examining data/ruli-0.36/src/ruli_txt.h
Examining data/ruli-0.36/src/ruli_util.c
Examining data/ruli-0.36/src/ruli_util.h
Examining data/ruli-0.36/tools/addrsolver.c
Examining data/ruli-0.36/tools/addrsolver2.c
Examining data/ruli-0.36/tools/addrsolver3.c
Examining data/ruli-0.36/tools/cycle_res.c
Examining data/ruli-0.36/tools/cycle_res2.c
Examining data/ruli-0.36/tools/hostsolver.c
Examining data/ruli-0.36/tools/in6_addr.c
Examining data/ruli-0.36/tools/ipv6.c
Examining data/ruli-0.36/tools/list.c
Examining data/ruli-0.36/tools/rand.c
Examining data/ruli-0.36/tools/resolve.c
Examining data/ruli-0.36/tools/rfc3484.c
Examining data/ruli-0.36/tools/ruli-host.c
Examining data/ruli-0.36/tools/srvsolver.c
Examining data/ruli-0.36/tools/srvsolver2.c
Examining data/ruli-0.36/tools/stdin_domains.c
Examining data/ruli-0.36/tools/stdin_domains.h
Examining data/ruli-0.36/tools/stdout_srv_list.c
Examining data/ruli-0.36/tools/stdout_srv_list.h
Examining data/ruli-0.36/tools/syncsolver.c
Examining data/ruli-0.36/tools/trivial_conf_handler.c
Examining data/ruli-0.36/tools/trivial_conf_handler.h

FINAL RESULTS:

data/ruli-0.36/tools/hostsolver.c:263:14: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  char *dst = strncat(buf, "\n", BUFSZ);
data/ruli-0.36/sample/getaddrinfo.c:177:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(fullname);
data/ruli-0.36/sample/httpsearch.c:193:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(qbuf->txt_domain, domain);
data/ruli-0.36/sample/ruli-getaddrinfo.c:179:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(fullname);
data/ruli-0.36/sample/smtpsearch.c:192:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(qbuf->txt_domain, domain);
data/ruli-0.36/src/ruli_addr.c:396:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  w = fprintf(out, fmt, sum);
data/ruli-0.36/src/ruli_addr.c:418:12: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  return fprintf(out, inet_ntoa(addr->ipv4));
data/ruli-0.36/src/ruli_addr.c:467:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  w = snprintf(buf + wr, size - wr, fmt, sum);
data/ruli-0.36/src/ruli_addr.c:491:12: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  return snprintf(buf, size, inet_ntoa(addr->ipv4));
data/ruli-0.36/src/ruli_addr.c:997:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, inet_ntoa(addr->src_sock.sock.sin_addr));
data/ruli-0.36/src/ruli_conf.c:307:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/ruli-0.36/src/ruli_util.h:48:12: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int snprintf(char *, size_t, const char *, ...);
data/ruli-0.36/tools/addrsolver.c:78:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver.c:89:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver.c:118:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver.c:139:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver.c:216:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver2.c:78:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver2.c:89:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver2.c:118:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver2.c:139:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver2.c:216:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver3.c:78:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver3.c:89:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver3.c:118:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver3.c:139:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/addrsolver3.c:216:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/ipv6.c:46:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/ruli-host.c:73:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/ruli-host.c:88:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/ruli-host.c:112:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/ruli-0.36/tools/srvsolver.c:77:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, fmt, msg, buf_len);
data/ruli-0.36/tools/srvsolver2.c:84:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, fmt, msg, buf_len);
data/ruli-0.36/guile/guile_ruli.c:138:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_dname_buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/guile/guile_ruli.c:170:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];
data/ruli-0.36/java/src/jni/ruli_RuliSyncImp.c:100:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_dname_buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/java/src/jni/ruli_RuliSyncImp.c:138:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];
data/ruli-0.36/lua/lua_ruli.c:86:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_dname_buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/lua/lua_ruli.c:143:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];
data/ruli-0.36/php/ruli/php_ruli.c:148:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[256];
data/ruli-0.36/php/ruli/php_ruli.c:154:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  len = sprintf(string, "Congratulations! You have successfully modified ext/%.78s/config.m4. Module %.78s is now compiled into PHP.", "ruli", arg);
data/ruli-0.36/php/ruli/php_ruli.c:206:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_dname_buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/php/ruli/php_ruli.c:232:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];
data/ruli-0.36/sample/addrprint.c:44:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[INET_ADDRSTRLEN];
data/ruli-0.36/sample/addrprint.c:53:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[INET6_ADDRSTRLEN];
data/ruli-0.36/sample/getaddrinfo.c:50:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[name_len + 1];
data/ruli-0.36/sample/getaddrinfo.c:57:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, fullname, name_len + 1);
data/ruli-0.36/sample/getaddrinfo.c:115:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char service[100];
data/ruli-0.36/sample/getaddrinfo.c:131:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(service, i, j - i);
data/ruli-0.36/sample/getaddrinfo.c:222:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/sample/httpsearch.c:51:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_domain[QBUFSZ];
data/ruli-0.36/sample/httpsearch.c:256:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/sample/httpsearch.c:327:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(argv[1]);
data/ruli-0.36/sample/ruli-getaddrinfo.c:51:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[name_len + 1];
data/ruli-0.36/sample/ruli-getaddrinfo.c:58:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, fullname, name_len + 1);
data/ruli-0.36/sample/ruli-getaddrinfo.c:117:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char service[BUFSZ];
data/ruli-0.36/sample/ruli-getaddrinfo.c:133:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(service, i, j - i);
data/ruli-0.36/sample/ruli-getaddrinfo.c:223:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/sample/smtpsearch.c:51:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_domain[QBUFSZ];
data/ruli-0.36/sample/smtpsearch.c:254:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/sample/srvsearch.c:51:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_service[QBUFSZ];
data/ruli-0.36/sample/srvsearch.c:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_domain[QBUFSZ];
data/ruli-0.36/sample/srvsearch.c:122:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullname[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/sample/srvsearch.c:236:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qbuf->txt_service, domain, qbuf->txt_service_len);
data/ruli-0.36/sample/srvsearch.c:247:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qbuf->txt_domain, i, qbuf->txt_domain_len);
data/ruli-0.36/sample/srvsearch.c:320:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/sample/stdout_srv_list.c:65:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_dname_buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/sample/sync_httpsearch.c:103:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/sample/sync_httpsearch.c:158:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(argv[1]);
data/ruli-0.36/sample/sync_smtpsearch.c:103:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/sample/sync_srvsearch.c:47:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[name_len + 1];
data/ruli-0.36/sample/sync_srvsearch.c:54:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, fullname, name_len + 1);
data/ruli-0.36/sample/sync_srvsearch.c:169:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/src/ruli_addr.c:688:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&in6_mem, &tmp, sizeof(tmp));
data/ruli-0.36/src/ruli_addr.c:692:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&in6_mem, &tmp, sizeof(tmp));
data/ruli-0.36/src/ruli_addr.c:703:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(((char *) &in6_mem) + 12, &in->s_addr, 4);
data/ruli-0.36/src/ruli_conf.c:65:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[LOAD_SEARCH_LIST_INBUFSZ];
data/ruli-0.36/src/ruli_conf.c:68:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(RESOLV_CONF, "r");
data/ruli-0.36/src/ruli_conf.c:159:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_domain[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_conf.c:227:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[LOAD_NS_LIST_INBUFSZ];
data/ruli-0.36/src/ruli_conf.c:230:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(RESOLV_CONF, "r");
data/ruli-0.36/src/ruli_fsm.c:1064:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qry->answer_buf, buf, rd);
data/ruli-0.36/src/ruli_fsm.c:1506:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qry->answer_buf, server->tcp_head_buf + 2, len);
data/ruli-0.36/src/ruli_getaddrinfo.c:79:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char full_service[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_getaddrinfo.c:92:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(service) > 0 || *service == '0')
data/ruli-0.36/src/ruli_getaddrinfo.c:130:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char canonname[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_getaddrinfo.c:245:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(res->ai_canonname, canonname, canonlen + 1);
data/ruli-0.36/src/ruli_host.c:121:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_dname_buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_host.c:228:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wanted_txt[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_host.c:382:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cname_trg_txt[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_msg.c:82:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_msg.c:123:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(i, dname, dname_len);
data/ruli-0.36/src/ruli_parse.c:379:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addr, rdata, rdlength);
data/ruli-0.36/src/ruli_parse.c:392:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addr, rdata, rdlength);
data/ruli-0.36/src/ruli_res.c:485:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(res_qry->full_dname, res_qry->q_domain, res_qry->q_domain_len);
data/ruli-0.36/src/ruli_res.c:769:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_res.c:801:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_search.h:42:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char search_encoded_service[RULI_LIMIT_DNAME_ENCODED];
data/ruli-0.36/src/ruli_search.h:44:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char search_encoded_domain[RULI_LIMIT_DNAME_ENCODED];
data/ruli-0.36/src/ruli_smtp.c:92:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_dname_buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_smtp.c:182:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wanted_txt[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_smtp.c:385:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_dname_buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_sock.c:126:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sa.inet6.sin6_addr.s6_addr, &in6addr_any, sizeof(in6addr_any));
data/ruli-0.36/src/ruli_srv.c:167:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char target_txt[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_srv.c:300:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char target_txt[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_srv.c:443:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_dname_buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_srv.c:499:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_srv.c:1317:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(srv_entry->target, target, target_len);
data/ruli-0.36/src/ruli_srv.h:81:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char target[RULI_LIMIT_DNAME_ENCODED]; /* encoded, uncompressed */
data/ruli-0.36/src/ruli_txt.c:55:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, label, label_len);
data/ruli-0.36/src/ruli_txt.c:213:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, len);
data/ruli-0.36/src/ruli_txt.c:303:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, label, len);
data/ruli-0.36/src/ruli_txt.c:419:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst_buf, src_label, len_plus_1);
data/ruli-0.36/src/ruli_txt.c:450:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/src/ruli_txt.c:536:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst_buf, src1, len1);
data/ruli-0.36/src/ruli_txt.c:537:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst_buf + len1, src2, len2);
data/ruli-0.36/tools/addrsolver.c:68:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSZ];
data/ruli-0.36/tools/addrsolver.c:182:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char owner_buf[OWNER_BUFSZ];
data/ruli-0.36/tools/addrsolver.c:268:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dom_str, domain, domain_len);
data/ruli-0.36/tools/addrsolver.c:358:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dom_buf[DOM_BUFSZ];
data/ruli-0.36/tools/addrsolver.c:361:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dom_buf, name, dom_len);
data/ruli-0.36/tools/addrsolver.c:427:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/tools/addrsolver.c:538:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retry = atoi(argv[1]);
data/ruli-0.36/tools/addrsolver.c:539:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi(argv[2]);
data/ruli-0.36/tools/addrsolver2.c:68:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSZ];
data/ruli-0.36/tools/addrsolver2.c:182:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char owner_buf[OWNER_BUFSZ];
data/ruli-0.36/tools/addrsolver2.c:268:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dom_str, domain, domain_len);
data/ruli-0.36/tools/addrsolver2.c:387:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dom_buf[DOM_BUFSZ];
data/ruli-0.36/tools/addrsolver2.c:390:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dom_buf, name, dom_len);
data/ruli-0.36/tools/addrsolver2.c:445:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/tools/addrsolver2.c:545:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retry = atoi(argv[1]);
data/ruli-0.36/tools/addrsolver2.c:546:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi(argv[2]);
data/ruli-0.36/tools/addrsolver3.c:68:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSZ];
data/ruli-0.36/tools/addrsolver3.c:182:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char owner_buf[OWNER_BUFSZ];
data/ruli-0.36/tools/addrsolver3.c:268:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dom_str, domain, domain_len);
data/ruli-0.36/tools/addrsolver3.c:393:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dom_buf[DOM_BUFSZ];
data/ruli-0.36/tools/addrsolver3.c:396:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dom_buf, name, dom_len);
data/ruli-0.36/tools/addrsolver3.c:448:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/tools/addrsolver3.c:542:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retry = atoi(argv[1]);
data/ruli-0.36/tools/addrsolver3.c:543:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi(argv[2]);
data/ruli-0.36/tools/hostsolver.c:92:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, str, len);
data/ruli-0.36/tools/hostsolver.c:126:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSZ];
data/ruli-0.36/tools/hostsolver.c:229:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char owner_buf[OWNER_BUFSZ];
data/ruli-0.36/tools/hostsolver.c:329:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dom_str, domain, domain_len);
data/ruli-0.36/tools/hostsolver.c:417:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char domain[domain_buf_size];
data/ruli-0.36/tools/hostsolver.c:465:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char debug_buf[DEBUG_BUFSZ];
data/ruli-0.36/tools/hostsolver.c:469:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(debug_buf, domain, domain_len);
data/ruli-0.36/tools/hostsolver.c:485:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dom_buf[DOM_BUFSZ];
data/ruli-0.36/tools/hostsolver.c:488:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dom_buf, domain, dom_len);
data/ruli-0.36/tools/hostsolver.c:659:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retry = atoi(argv[1]);
data/ruli-0.36/tools/hostsolver.c:660:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi(argv[2]);
data/ruli-0.36/tools/in6_addr.c:34:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];
data/ruli-0.36/tools/ipv6.c:42:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];
data/ruli-0.36/tools/resolve.c:168:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dname_buf[dname_buf_len];
data/ruli-0.36/tools/resolve.c:292:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  redo = atoi(argv[1]);
data/ruli-0.36/tools/resolve.c:296:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retry = atoi(argv[5]);
data/ruli-0.36/tools/resolve.c:297:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi(argv[6]);
data/ruli-0.36/tools/rfc3484.c:116:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];
data/ruli-0.36/tools/rfc3484.c:168:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];
data/ruli-0.36/tools/rfc3484.c:188:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char src[40];
data/ruli-0.36/tools/ruli-host.c:62:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSZ];
data/ruli-0.36/tools/ruli-host.c:179:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dom_str, domain, domain_len);
data/ruli-0.36/tools/ruli-host.c:268:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dom_buf[DOM_BUFSZ];
data/ruli-0.36/tools/ruli-host.c:271:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dom_buf, name, dom_len);
data/ruli-0.36/tools/ruli-host.c:340:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/tools/ruli-host.c:450:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retry = atoi(argv[1]);
data/ruli-0.36/tools/ruli-host.c:451:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi(argv[2]);
data/ruli-0.36/tools/ruli-host.c:452:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cname = atoi(argv[3]);
data/ruli-0.36/tools/srvsolver.c:51:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_service[QBUFSZ];
data/ruli-0.36/tools/srvsolver.c:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_domain[QBUFSZ];
data/ruli-0.36/tools/srvsolver.c:57:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_service[QBUFSZ];
data/ruli-0.36/tools/srvsolver.c:59:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_domain[QBUFSZ];
data/ruli-0.36/tools/srvsolver.c:69:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[MSG_BUFSZ];
data/ruli-0.36/tools/srvsolver.c:73:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg, buf, buf_len);
data/ruli-0.36/tools/srvsolver.c:161:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullname[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/tools/srvsolver.c:334:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char domain[domain_buf_size];
data/ruli-0.36/tools/srvsolver.c:392:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qbuf->txt_service, domain, qbuf->txt_service_len);
data/ruli-0.36/tools/srvsolver.c:403:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qbuf->txt_domain, i, qbuf->txt_domain_len);
data/ruli-0.36/tools/srvsolver.c:591:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retry = atoi(argv[1]);
data/ruli-0.36/tools/srvsolver.c:592:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi(argv[2]);
data/ruli-0.36/tools/srvsolver2.c:58:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_service[QBUFSZ];
data/ruli-0.36/tools/srvsolver2.c:60:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_domain[QBUFSZ];
data/ruli-0.36/tools/srvsolver2.c:64:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_service[QBUFSZ];
data/ruli-0.36/tools/srvsolver2.c:66:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_domain[QBUFSZ];
data/ruli-0.36/tools/srvsolver2.c:76:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[MSG_BUFSZ];
data/ruli-0.36/tools/srvsolver2.c:80:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg, buf, buf_len);
data/ruli-0.36/tools/srvsolver2.c:168:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullname[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/tools/srvsolver2.c:362:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qbuf->txt_service, domain, qbuf->txt_service_len);
data/ruli-0.36/tools/srvsolver2.c:373:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(qbuf->txt_domain, i, qbuf->txt_domain_len);
data/ruli-0.36/tools/srvsolver2.c:455:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/tools/srvsolver2.c:567:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retry = atoi(argv[1]);
data/ruli-0.36/tools/srvsolver2.c:568:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi(argv[2]);
data/ruli-0.36/tools/stdin_domains.c:38:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char in_buf[IN_BUF_SIZE];
data/ruli-0.36/tools/stdin_domains.c:50:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(in_buf, i, len);
data/ruli-0.36/tools/stdin_domains.c:158:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(domain_buf, i, len);
data/ruli-0.36/tools/stdout_srv_list.c:65:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt_dname_buf[RULI_LIMIT_DNAME_TEXT_BUFSZ];
data/ruli-0.36/tools/syncsolver.c:46:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[name_len + 1];
data/ruli-0.36/tools/syncsolver.c:53:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, fullname, name_len + 1);
data/ruli-0.36/tools/syncsolver.c:168:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[INBUFSZ];
data/ruli-0.36/guile/guile_ruli.c:80:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return scm_string_to_symbol(scm_mem2string(SYMB_TIMEOUT, strlen(SYMB_TIMEOUT)));
data/ruli-0.36/guile/guile_ruli.c:84:66: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return scm_string_to_symbol(scm_mem2string(SYMB_UNAVAILABLE, strlen(SYMB_UNAVAILABLE)));
data/ruli-0.36/guile/guile_ruli.c:91:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  scm_string_to_symbol(scm_mem2string(SYMB_SRV_CODE, strlen(SYMB_SRV_CODE)));
data/ruli-0.36/guile/guile_ruli.c:93:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SCM s_srv_msg = scm_mem2string(srv_msg, strlen(srv_msg));
data/ruli-0.36/guile/guile_ruli.c:101:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  scm_string_to_symbol(scm_mem2string(SYMB_RCODE, strlen(SYMB_RCODE)));
data/ruli-0.36/guile/guile_ruli.c:117:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  symb_target = scm_string_to_symbol(scm_mem2string(SYMB_TARGET, strlen(SYMB_TARGET)));
data/ruli-0.36/guile/guile_ruli.c:118:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  symb_priority = scm_string_to_symbol(scm_mem2string(SYMB_PRIORITY, strlen(SYMB_PRIORITY)));
data/ruli-0.36/guile/guile_ruli.c:119:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
symb_weight = scm_string_to_symbol(scm_mem2string(SYMB_WEIGHT, strlen(SYMB_WEIGHT)));
data/ruli-0.36/guile/guile_ruli.c:120:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
symb_port = scm_string_to_symbol(scm_mem2string(SYMB_PORT, strlen(SYMB_PORT)));
data/ruli-0.36/guile/guile_ruli.c:121:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
symb_addresses = scm_string_to_symbol(scm_mem2string(SYMB_ADDRESSES, strlen(SYMB_ADDRESSES)));
data/ruli-0.36/perl/RULI/ppport.h:724:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
STRLEN len = strlen(radix);
data/ruli-0.36/sample/getaddrinfo.c:49:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(fullname);
data/ruli-0.36/sample/getaddrinfo.c:65:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(name);
data/ruli-0.36/sample/httpsearch.c:191:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
qbuf->txt_domain_len = strlen(domain);
data/ruli-0.36/sample/ruli-getaddrinfo.c:50:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(fullname);
data/ruli-0.36/sample/ruli-getaddrinfo.c:66:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(name);
data/ruli-0.36/sample/smtpsearch.c:190:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
qbuf->txt_domain_len = strlen(domain);
data/ruli-0.36/sample/srvsearch.c:194:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int domain_len = strlen(domain);
data/ruli-0.36/sample/sync_srvsearch.c:46:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(fullname);
data/ruli-0.36/sample/sync_srvsearch.c:62:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(name);
data/ruli-0.36/src/ruli_conf.c:126:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
tok, strlen(tok));
data/ruli-0.36/src/ruli_search.c:74:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int txt_service_len = strlen(txt_service);
data/ruli-0.36/src/ruli_search.c:75:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int txt_domain_len = strlen(txt_domain);
data/ruli-0.36/tools/addrsolver.c:200:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ruli_dname_match(domain, strlen(domain), owner_buf, owner_len))
data/ruli-0.36/tools/addrsolver.c:337:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(name);
data/ruli-0.36/tools/addrsolver2.c:200:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ruli_dname_match(domain, strlen(domain), owner_buf, owner_len))
data/ruli-0.36/tools/addrsolver2.c:343:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(name);
data/ruli-0.36/tools/addrsolver3.c:200:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ruli_dname_match(domain, strlen(domain), owner_buf, owner_len))
data/ruli-0.36/tools/addrsolver3.c:344:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(name);
data/ruli-0.36/tools/hostsolver.c:61:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/ruli-0.36/tools/hostsolver.c:247:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ruli_dname_match(domain, strlen(domain), owner_buf, owner_len))
data/ruli-0.36/tools/resolve.c:166:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int domain_len = strlen(domain);
data/ruli-0.36/tools/ruli-host.c:247:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(name);
data/ruli-0.36/tools/srvsolver2.c:328:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int domain_len = strlen(domain);
data/ruli-0.36/tools/stdin_domains.c:70:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
rd = read(std_in, in_buf + in_buf_len, IN_BUF_SIZE - in_buf_len);
data/ruli-0.36/tools/syncsolver.c:45:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(fullname);
data/ruli-0.36/tools/syncsolver.c:61:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(name);

ANALYSIS SUMMARY:

Hits = 236
Lines analyzed = 22550 in approximately 0.50 seconds (45448 lines/second)
Physical Source Lines of Code (SLOC) = 13341
Hits@level = [0] 499 [1] 37 [2] 166 [3] 0 [4] 32 [5] 1
Hits@level+ = [0+] 735 [1+] 236 [2+] 199 [3+] 33 [4+] 33 [5+] 1
Hits/KSLOC@level+ = [0+] 55.0933 [1+] 17.6898 [2+] 14.9164 [3+] 2.47358 [4+] 2.47358 [5+] 0.0749569
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.