Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/seafile-7.0.10/common/block-backend-fs.c
Examining data/seafile-7.0.10/common/block-backend.c
Examining data/seafile-7.0.10/common/block-backend.h
Examining data/seafile-7.0.10/common/block-mgr.c
Examining data/seafile-7.0.10/common/block-mgr.h
Examining data/seafile-7.0.10/common/block.h
Examining data/seafile-7.0.10/common/branch-mgr.c
Examining data/seafile-7.0.10/common/branch-mgr.h
Examining data/seafile-7.0.10/common/cdc/cdc.c
Examining data/seafile-7.0.10/common/cdc/cdc.h
Examining data/seafile-7.0.10/common/cdc/rabin-checksum.c
Examining data/seafile-7.0.10/common/cdc/rabin-checksum.h
Examining data/seafile-7.0.10/common/commit-mgr.c
Examining data/seafile-7.0.10/common/commit-mgr.h
Examining data/seafile-7.0.10/common/common.h
Examining data/seafile-7.0.10/common/curl-init.c
Examining data/seafile-7.0.10/common/curl-init.h
Examining data/seafile-7.0.10/common/diff-simple.c
Examining data/seafile-7.0.10/common/diff-simple.h
Examining data/seafile-7.0.10/common/fs-mgr.c
Examining data/seafile-7.0.10/common/fs-mgr.h
Examining data/seafile-7.0.10/common/index/cache-tree.c
Examining data/seafile-7.0.10/common/index/cache-tree.h
Examining data/seafile-7.0.10/common/index/hash.c
Examining data/seafile-7.0.10/common/index/hash.h
Examining data/seafile-7.0.10/common/index/index.c
Examining data/seafile-7.0.10/common/index/index.h
Examining data/seafile-7.0.10/common/index/name-hash.c
Examining data/seafile-7.0.10/common/log.c
Examining data/seafile-7.0.10/common/log.h
Examining data/seafile-7.0.10/common/mq-mgr.c
Examining data/seafile-7.0.10/common/mq-mgr.h
Examining data/seafile-7.0.10/common/obj-backend-fs.c
Examining data/seafile-7.0.10/common/obj-backend.h
Examining data/seafile-7.0.10/common/obj-store.c
Examining data/seafile-7.0.10/common/obj-store.h
Examining data/seafile-7.0.10/common/rpc-service.c
Examining data/seafile-7.0.10/common/seafile-crypt.c
Examining data/seafile-7.0.10/common/seafile-crypt.h
Examining data/seafile-7.0.10/common/vc-common.c
Examining data/seafile-7.0.10/common/vc-common.h
Examining data/seafile-7.0.10/daemon/cevent.c
Examining data/seafile-7.0.10/daemon/cevent.h
Examining data/seafile-7.0.10/daemon/change-set.c
Examining data/seafile-7.0.10/daemon/change-set.h
Examining data/seafile-7.0.10/daemon/clone-mgr.c
Examining data/seafile-7.0.10/daemon/clone-mgr.h
Examining data/seafile-7.0.10/daemon/filelock-mgr.c
Examining data/seafile-7.0.10/daemon/filelock-mgr.h
Examining data/seafile-7.0.10/daemon/http-tx-mgr.c
Examining data/seafile-7.0.10/daemon/http-tx-mgr.h
Examining data/seafile-7.0.10/daemon/job-mgr.c
Examining data/seafile-7.0.10/daemon/job-mgr.h
Examining data/seafile-7.0.10/daemon/repo-mgr.c
Examining data/seafile-7.0.10/daemon/repo-mgr.h
Examining data/seafile-7.0.10/daemon/seaf-daemon.c
Examining data/seafile-7.0.10/daemon/seafile-config.c
Examining data/seafile-7.0.10/daemon/seafile-config.h
Examining data/seafile-7.0.10/daemon/seafile-error-impl.h
Examining data/seafile-7.0.10/daemon/seafile-error.c
Examining data/seafile-7.0.10/daemon/seafile-session.c
Examining data/seafile-7.0.10/daemon/seafile-session.h
Examining data/seafile-7.0.10/daemon/set-perm.c
Examining data/seafile-7.0.10/daemon/set-perm.h
Examining data/seafile-7.0.10/daemon/sync-mgr.c
Examining data/seafile-7.0.10/daemon/sync-mgr.h
Examining data/seafile-7.0.10/daemon/sync-status-tree.c
Examining data/seafile-7.0.10/daemon/sync-status-tree.h
Examining data/seafile-7.0.10/daemon/test-sync-tree.c
Examining data/seafile-7.0.10/daemon/timer.c
Examining data/seafile-7.0.10/daemon/timer.h
Examining data/seafile-7.0.10/daemon/vc-utils.c
Examining data/seafile-7.0.10/daemon/vc-utils.h
Examining data/seafile-7.0.10/daemon/wt-monitor-linux.c
Examining data/seafile-7.0.10/daemon/wt-monitor-macos.c
Examining data/seafile-7.0.10/daemon/wt-monitor-structs.c
Examining data/seafile-7.0.10/daemon/wt-monitor-structs.h
Examining data/seafile-7.0.10/daemon/wt-monitor-win32.c
Examining data/seafile-7.0.10/daemon/wt-monitor.c
Examining data/seafile-7.0.10/daemon/wt-monitor.h
Examining data/seafile-7.0.10/include/seafile-error.h
Examining data/seafile-7.0.10/include/seafile-rpc.h
Examining data/seafile-7.0.10/include/seafile.h
Examining data/seafile-7.0.10/lib/db.c
Examining data/seafile-7.0.10/lib/db.h
Examining data/seafile-7.0.10/lib/include.h
Examining data/seafile-7.0.10/lib/net.c
Examining data/seafile-7.0.10/lib/net.h
Examining data/seafile-7.0.10/lib/seafile-rpc-wrapper.c
Examining data/seafile-7.0.10/lib/searpc-marshal.h
Examining data/seafile-7.0.10/lib/searpc-signature.h
Examining data/seafile-7.0.10/lib/utils.c
Examining data/seafile-7.0.10/lib/utils.h
Examining data/seafile-7.0.10/msi/custom/custom.c
FINAL RESULTS:
data/seafile-7.0.10/common/index/index.c:1778:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
pathlen = readlink(path, buf, SEAF_PATH_MAX);
data/seafile-7.0.10/daemon/repo-mgr.c:4330:21: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (path, de->mode & ~S_IFMT);
data/seafile-7.0.10/daemon/set-perm.c:313:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (path, new_mode) < 0) {
data/seafile-7.0.10/daemon/vc-utils.h:16:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
static inline int readlink(const char *path, char *buf, size_t bufsiz)
data/seafile-7.0.10/lib/utils.c:2056:17: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t l = readlink(path, buf, SEAF_PATH_MAX);
data/seafile-7.0.10/common/cdc/cdc.c:92:13: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt, chunk_descr.checksum, \
data/seafile-7.0.10/common/cdc/cdc.c:114:34: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/common/cdc/cdc.c:232:38: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/common/cdc/cdc.c:241:51: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
int ret = file_chunk_cdc (fd_src, file_descr, crypt, write_data);
data/seafile-7.0.10/common/cdc/cdc.h:22:52: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct SeafileCrypt *crypt,
data/seafile-7.0.10/common/cdc/cdc.h:54:41: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct SeafileCrypt *crypt,
data/seafile-7.0.10/common/cdc/cdc.h:59:45: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct SeafileCrypt *crypt,
data/seafile-7.0.10/common/fs-mgr.c:116:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt)
data/seafile-7.0.10/common/fs-mgr.c:156:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (crypt != NULL) {
data/seafile-7.0.10/common/fs-mgr.c:171:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt);
data/seafile-7.0.10/common/fs-mgr.c:238:46: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/common/fs-mgr.c:276:60: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (checkout_block (repo_id, version, blk_id, wfd, crypt) < 0)
data/seafile-7.0.10/common/fs-mgr.c:608:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/common/fs-mgr.c:618:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (crypt != NULL && chunk->len) {
data/seafile-7.0.10/common/fs-mgr.c:626:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt);
data/seafile-7.0.10/common/fs-mgr.c:677:19: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt;
data/seafile-7.0.10/common/fs-mgr.c:719:55: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
chunk, data->crypt,
data/seafile-7.0.10/common/fs-mgr.c:740:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/common/fs-mgr.c:768:18: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
data.crypt = crypt;
data/seafile-7.0.10/common/fs-mgr.c:834:45: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/common/fs-mgr.c:869:54: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (filename_chunk_cdc (file_path, &cdc, crypt, write_data) < 0) {
data/seafile-7.0.10/common/fs-mgr.c:878:38: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt, &cdc, write_data) < 0) {
data/seafile-7.0.10/common/fs-mgr.h:182:53: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct SeafileCrypt *crypt,
data/seafile-7.0.10/common/fs-mgr.h:225:45: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/common/fs-mgr.h:327:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/common/index/index.c:961:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/common/index/index.c:1031:58: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (index_cb (repo_id, version, full_path, sha1, crypt, FALSE) < 0) {
data/seafile-7.0.10/common/index/index.c:1041:54: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (index_cb (repo_id, version, full_path, sha1, crypt, TRUE) < 0) {
data/seafile-7.0.10/common/index/index.h:421:46: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct SeafileCrypt *crypt,
data/seafile-7.0.10/common/index/index.h:431:39: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct SeafileCrypt *crypt,
data/seafile-7.0.10/common/seafile-crypt.c:46:12: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
return crypt;
data/seafile-7.0.10/common/seafile-crypt.c:144:19: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt;
data/seafile-7.0.10/common/seafile-crypt.c:166:62: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
(char *)secret_key, sizeof(secret_key), crypt);
data/seafile-7.0.10/common/seafile-crypt.c:170:13: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
g_free (crypt);
data/seafile-7.0.10/common/seafile-crypt.c:248:23: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt;
data/seafile-7.0.10/common/seafile-crypt.c:260:30: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt) < 0) {
data/seafile-7.0.10/common/seafile-crypt.c:262:21: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
g_free (crypt);
data/seafile-7.0.10/common/seafile-crypt.c:265:17: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
g_free (crypt);
data/seafile-7.0.10/common/seafile-crypt.c:288:19: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt;
data/seafile-7.0.10/common/seafile-crypt.c:299:26: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt) < 0) {
data/seafile-7.0.10/common/seafile-crypt.c:301:17: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
g_free (crypt);
data/seafile-7.0.10/common/seafile-crypt.c:304:13: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
g_free (crypt);
data/seafile-7.0.10/common/seafile-crypt.c:312:58: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
(char *)secret_key, secret_key_len, crypt);
data/seafile-7.0.10/common/seafile-crypt.c:318:13: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
g_free (crypt);
data/seafile-7.0.10/common/seafile-crypt.c:330:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt)
data/seafile-7.0.10/common/seafile-crypt.c:387:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt)
data/seafile-7.0.10/common/seafile-crypt.c:443:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt)
data/seafile-7.0.10/common/seafile-crypt.c:550:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt)
data/seafile-7.0.10/common/seafile-crypt.h:91:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt);
data/seafile-7.0.10/common/seafile-crypt.h:99:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt);
data/seafile-7.0.10/daemon/repo-mgr.c:1210:25: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:1217:58: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
path, sha1, &size, crypt, write_data, !seaf->disable_block_hash) < 0) {
data/seafile-7.0.10/daemon/repo-mgr.c:1241:25: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:1307:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
st, 0, crypt, index_cb, modifier, &added);
data/seafile-7.0.10/daemon/repo-mgr.c:1335:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
st, 0, crypt, index_cb, modifier, &added);
data/seafile-7.0.10/daemon/repo-mgr.c:1384:19: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt;
data/seafile-7.0.10/daemon/repo-mgr.c:1470:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
params->crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:1545:30: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:1584:19: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:1595:22: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
.crypt = crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:1698:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
params->crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:1805:30: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:1838:25: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:1849:22: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
.crypt = crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:1881:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy (pattern, path_w);
data/seafile-7.0.10/daemon/repo-mgr.c:2029:42: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt, GList *ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:2042:52: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
istate, repo->worktree, "", crypt, FALSE, ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:2079:34: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt, const char *path, GList *ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:2102:24: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt, FALSE, ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:2155:20: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt, FALSE, ignore_list, total_size, remain_files, &options);
data/seafile-7.0.10/daemon/repo-mgr.c:2165:34: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt, const char *path, GList *ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:2221:20: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt, FALSE, ignore_list, total_size, remain_files, &options);
data/seafile-7.0.10/daemon/repo-mgr.c:2230:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt, GQueue *remain_files,
data/seafile-7.0.10/daemon/repo-mgr.c:2251:41: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
&st, 0, crypt, index_cb, repo->email, &added);
data/seafile-7.0.10/daemon/repo-mgr.c:2567:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt, GList *ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:2579:42: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
add_path_to_index (repo, istate, crypt, event->path,
data/seafile-7.0.10/daemon/repo-mgr.c:2584:42: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
add_path_to_index (repo, istate, crypt, event->path,
data/seafile-7.0.10/daemon/repo-mgr.c:2626:41: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
add_remain_files (repo, istate, crypt, event->remain_files,
data/seafile-7.0.10/daemon/repo-mgr.c:3184:30: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt, GList *ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:3294:20: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt, FALSE, ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:3662:48: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt, GList *ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:3767:49: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (handle_add_files (repo, istate, crypt, ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:3775:49: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (handle_add_files (repo, istate, crypt, ignore_list,
data/seafile-7.0.10/daemon/repo-mgr.c:3836:42: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
handle_rename (repo, istate, crypt, ignore_list, fset, event, &scanned_del_dirs, &total_size);
data/seafile-7.0.10/daemon/repo-mgr.c:3848:54: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
scan_worktree_for_changes (istate, repo, crypt, ignore_list, fset);
data/seafile-7.0.10/daemon/repo-mgr.c:3889:60: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (apply_worktree_changes_to_index (repo, istate, crypt, ignore_list, fset) < 0) {
data/seafile-7.0.10/daemon/repo-mgr.c:3893:57: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
} else if (scan_worktree_for_changes (istate, repo, crypt, ignore_list, fset) < 0) {
data/seafile-7.0.10/daemon/repo-mgr.c:3904:13: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
g_free (crypt);
data/seafile-7.0.10/daemon/repo-mgr.c:3935:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (commit_id, commit->commit_id);
data/seafile-7.0.10/daemon/repo-mgr.c:4275:19: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt;
data/seafile-7.0.10/daemon/repo-mgr.c:4309:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt = data->crypt;
data/seafile-7.0.10/daemon/repo-mgr.c:4347:60: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (compare_file_content (path, &st, de->sha1, crypt, repo_version) == 0) {
data/seafile-7.0.10/daemon/repo-mgr.c:4554:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt = data->crypt;
data/seafile-7.0.10/daemon/repo-mgr.c:4618:40: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:4731:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:4755:18: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
data.crypt = crypt;
data/seafile-7.0.10/daemon/repo-mgr.c:5032:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy (pattern, path_w);
data/seafile-7.0.10/daemon/repo-mgr.c:5054:9: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy (sub_path_w, path_w);
data/seafile-7.0.10/daemon/repo-mgr.c:5056:9: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat (sub_path_w, fdata.cFileName);
data/seafile-7.0.10/daemon/repo-mgr.c:5644:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt,
data/seafile-7.0.10/daemon/repo-mgr.c:5661:13: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
g_free (crypt);
data/seafile-7.0.10/daemon/sync-mgr.c:1505:40: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt,
data/seafile-7.0.10/daemon/sync-mgr.c:1539:13: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
g_free (crypt);
data/seafile-7.0.10/daemon/vc-utils.c:228:9: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy (subpath_w, parent);
data/seafile-7.0.10/daemon/vc-utils.c:230:9: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat (subpath_w, fdata->cFileName);
data/seafile-7.0.10/daemon/vc-utils.c:285:41: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt, int repo_version,
data/seafile-7.0.10/daemon/vc-utils.c:296:41: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (filename_chunk_cdc (path, &cdc, crypt, FALSE) < 0) {
data/seafile-7.0.10/daemon/vc-utils.c:314:37: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
SeafileCrypt *crypt, int repo_version)
data/seafile-7.0.10/daemon/vc-utils.c:323:53: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (compute_file_id_with_cdc (path, st, crypt, repo_version,
data/seafile-7.0.10/daemon/vc-utils.c:331:53: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (compute_file_id_with_cdc (path, st, crypt, repo_version,
data/seafile-7.0.10/daemon/vc-utils.c:344:49: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (compute_file_id_with_cdc (path, st, crypt, repo_version,
data/seafile-7.0.10/daemon/vc-utils.c:537:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy (pattern, path_w);
data/seafile-7.0.10/daemon/vc-utils.c:553:9: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy (sub_path_w, path_w);
data/seafile-7.0.10/daemon/vc-utils.c:555:9: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat (sub_path_w, fdata.cFileName);
data/seafile-7.0.10/daemon/vc-utils.h:52:44: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct SeafileCrypt *crypt,
data/seafile-7.0.10/lib/utils.c:187:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path+len+4, obj_id+2);
data/seafile-7.0.10/lib/utils.c:313:5: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat (fullpath_w, worktree_w);
data/seafile-7.0.10/lib/utils.c:538:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= GENERIC_READ;
data/seafile-7.0.10/lib/utils.c:540:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= GENERIC_WRITE;
data/seafile-7.0.10/lib/utils.c:545:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access,
data/seafile-7.0.10/lib/utils.c:575:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= GENERIC_READ;
data/seafile-7.0.10/lib/utils.c:577:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= GENERIC_WRITE;
data/seafile-7.0.10/lib/utils.c:582:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access,
data/seafile-7.0.10/lib/utils.c:638:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return (access (path, F_OK) == 0);
data/seafile-7.0.10/lib/utils.c:675:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy (pattern, path_w);
data/seafile-7.0.10/lib/utils.c:2050:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (sprintf (path, "/proc/%s/exe", dir->d_name) < 0) {
data/seafile-7.0.10/daemon/seaf-daemon.c:396:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, short_options,
data/seafile-7.0.10/daemon/seaf-daemon.c:496:42: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
worktree_dir = g_build_filename (g_get_home_dir(), "seafile", NULL);
data/seafile-7.0.10/lib/utils.c:1095:28: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const char *home = g_get_home_dir();
data/seafile-7.0.10/common/block-backend-fs.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_id[41];
data/seafile-7.0.10/common/block-backend-fs.c:67:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/block-backend-fs.c:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (handle->block_id, block_id, 41);
data/seafile-7.0.10/common/block-backend-fs.c:163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/block-backend-fs.c:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/block-backend-fs.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/block-backend-fs.c:218:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/block-backend-fs.c:229:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (block_md->id, block_id, 40);
data/seafile-7.0.10/common/block-backend-fs.c:248:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (block_md->id, handle->block_id, 40);
data/seafile-7.0.10/common/block-backend-fs.c:266:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_id[128];
data/seafile-7.0.10/common/block-backend-fs.c:267:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX], *pos;
data/seafile-7.0.10/common/block-backend-fs.c:285:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (path, block_dir, dir_len);
data/seafile-7.0.10/common/block-backend-fs.c:323:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/block-backend-fs.c:324:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/block-backend-fs.c:419:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pos, priv->v0_block_dir, priv->v0_block_dir_len);
data/seafile-7.0.10/common/block-backend-fs.c:428:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pos, block_sha1, 2);
data/seafile-7.0.10/common/block-backend-fs.c:432:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pos, block_sha1 + 2, 41 - 2);
data/seafile-7.0.10/common/block-mgr.c:221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10240];
data/seafile-7.0.10/common/block.h:10:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[41];
data/seafile-7.0.10/common/branch-mgr.c:25:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (branch->repo_id, repo_id, 36);
data/seafile-7.0.10/common/branch-mgr.c:27:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (branch->commit_id, commit_id, 40);
data/seafile-7.0.10/common/branch-mgr.c:58:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (branch->commit_id, commit_id, 40);
data/seafile-7.0.10/common/branch-mgr.c:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/common/branch-mgr.c:323:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out_commit_id, commit_id, 41);
data/seafile-7.0.10/common/branch-mgr.c:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/seafile-7.0.10/common/branch-mgr.c:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commit_id[41] = { 0 };
data/seafile-7.0.10/common/branch-mgr.c:502:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret, commit_id, 41);
data/seafile-7.0.10/common/branch-mgr.c:512:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commit_id[41];
data/seafile-7.0.10/common/branch-mgr.c:585:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/common/branch-mgr.h:12:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/common/branch-mgr.h:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commit_id[41];
data/seafile-7.0.10/common/cdc/cdc.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[NAME_MAX_SZ];
data/seafile-7.0.10/common/cdc/cdc.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chksum_str[CHECKSUM_LENGTH *2 + 1];
data/seafile-7.0.10/common/cdc/cdc.c:99:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (file_descr->blk_sha1s + \
data/seafile-7.0.10/common/cdc/cdc.h:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/common/cdc/rabin-checksum.c:44:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char bytemsb[0x100] = {
data/seafile-7.0.10/common/commit-mgr.c:78:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (commit->repo_id, repo_id, 36);
data/seafile-7.0.10/common/commit-mgr.c:81:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (commit->root_id, root_id, 40);
data/seafile-7.0.10/common/commit-mgr.c:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (commit->creator_id, creator_id, 40);
data/seafile-7.0.10/common/commit-mgr.c:100:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (commit->commit_id, commit_id, 40);
data/seafile-7.0.10/common/commit-mgr.h:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commit_id[41];
data/seafile-7.0.10/common/commit-mgr.h:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/common/commit-mgr.h:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char root_id[41]; /* the fs root */
data/seafile-7.0.10/common/commit-mgr.h:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char creator_id[41];
data/seafile-7.0.10/common/diff-simple.c:13:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (de->sha1, sha1, 20);
data/seafile-7.0.10/common/diff-simple.c:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/diff-simple.c:32:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (de->sha1, sha1, 20);
data/seafile-7.0.10/common/diff-simple.c:336:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *roots[2];
data/seafile-7.0.10/common/diff-simple.c:350:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (opt.store_id, repo->id, 36);
data/seafile-7.0.10/common/diff-simple.c:371:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *roots[2];
data/seafile-7.0.10/common/diff-simple.c:379:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (opt.store_id, store_id, 36);
data/seafile-7.0.10/common/diff-simple.c:454:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *roots[3];
data/seafile-7.0.10/common/diff-simple.c:494:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (opt.store_id, repo->id, 36);
data/seafile-7.0.10/common/diff-simple.c:519:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *roots[3];
data/seafile-7.0.10/common/diff-simple.c:529:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (opt.store_id, store_id, 36);
data/seafile-7.0.10/common/diff-simple.c:556:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char empty_sha1[20];
data/seafile-7.0.10/common/diff-simple.h:43:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20]; /* used for resolve rename */
data/seafile-7.0.10/common/diff-simple.h:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char store_id[37];
data/seafile-7.0.10/common/fs-mgr.c:39:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block_ids[0];
data/seafile-7.0.10/common/fs-mgr.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[40];
data/seafile-7.0.10/common/fs-mgr.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/seafile-7.0.10/common/fs-mgr.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirents[0];
data/seafile-7.0.10/common/fs-mgr.c:414:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ondisk->block_ids, cdc->blk_sha1s, cdc->block_nr * 20);
data/seafile-7.0.10/common/fs-mgr.c:438:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_id[41];
data/seafile-7.0.10/common/fs-mgr.c:450:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/fs-mgr.c:476:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_id[41];
data/seafile-7.0.10/common/fs-mgr.c:502:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seafile_id[41];
data/seafile-7.0.10/common/fs-mgr.c:559:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chksum_str[41];
data/seafile-7.0.10/common/fs-mgr.c:725:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data->blk_sha1s + idx * CHECKSUM_LENGTH, chunk->checksum, CHECKSUM_LENGTH);
data/seafile-7.0.10/common/fs-mgr.c:867:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cdc.repo_id, repo_id, 36);
data/seafile-7.0.10/common/fs-mgr.c:874:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cdc.repo_id, repo_id, 36);
data/seafile-7.0.10/common/fs-mgr.c:956:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (seafile->file_id, id, 41);
data/seafile-7.0.10/common/fs-mgr.c:1009:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (seafile->file_id, id, 40);
data/seafile-7.0.10/common/fs-mgr.c:1157:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/fs-mgr.c:1251:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dir->dir_id, id, 40);
data/seafile-7.0.10/common/fs-mgr.c:1261:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dir->dir_id, EMPTY_SHA1, 40);
data/seafile-7.0.10/common/fs-mgr.c:1291:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dent->id, sha1, 40);
data/seafile-7.0.10/common/fs-mgr.c:1360:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(root->dir_id, dir_id, 40);
data/seafile-7.0.10/common/fs-mgr.c:1369:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dent->id, ptr, 40);
data/seafile-7.0.10/common/fs-mgr.c:1438:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dirent->id, id, 40);
data/seafile-7.0.10/common/fs-mgr.c:1482:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dir->dir_id, dir_id, 40);
data/seafile-7.0.10/common/fs-mgr.c:1572:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (de_ondisk->id, de->id, 40);
data/seafile-7.0.10/common/fs-mgr.c:1574:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (de_ondisk->name, de->name, de->name_len);
data/seafile-7.0.10/common/fs-mgr.c:1623:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/fs-mgr.c:2558:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[41];
data/seafile-7.0.10/common/fs-mgr.c:2560:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SEAF_DIR_NAME_LEN];
data/seafile-7.0.10/common/fs-mgr.c:2567:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check_id[41];
data/seafile-7.0.10/common/fs-mgr.c:2590:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (id, ptr, 40);
data/seafile-7.0.10/common/fs-mgr.c:2597:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (name, ptr, name_len);
data/seafile-7.0.10/common/fs-mgr.c:2634:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/fs-mgr.c:2635:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[41];
data/seafile-7.0.10/common/fs-mgr.c:2694:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check_id[41];
data/seafile-7.0.10/common/fs-mgr.h:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[41];
data/seafile-7.0.10/common/fs-mgr.h:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[41];
data/seafile-7.0.10/common/fs-mgr.h:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_id[41];
data/seafile-7.0.10/common/index/cache-tree.c:97:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(down->name, path, pathlen);
data/seafile-7.0.10/common/index/cache-tree.h:11:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/seafile-7.0.10/common/index/cache-tree.h:16:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/index/index.c:78:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/index/index.c:150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->name, name, len + 1);
data/seafile-7.0.10/common/index/index.c:192:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->name, name, len + 1);
data/seafile-7.0.10/common/index/index.c:548:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/index/index.c:559:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/index/index.c:969:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/index/index.c:987:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ce->name, path, namelen);
data/seafile-7.0.10/common/index/index.c:1046:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ce->sha1, sha1, 20);
data/seafile-7.0.10/common/index/index.c:1108:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ce->name, path, namelen);
data/seafile-7.0.10/common/index/index.c:1249:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new_ce, ce, sizeof(struct cache_entry));
data/seafile-7.0.10/common/index/index.c:1254:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new_ce->name, new_ce_name, namelen);
data/seafile-7.0.10/common/index/index.c:1411:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (istate->cache + pos, new_ces, n_entries * sizeof(struct cache_entry *));
data/seafile-7.0.10/common/index/index.c:1655:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ce->name, path, len);
data/seafile-7.0.10/common/index/index.c:1762:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SEAF_PATH_MAX];
data/seafile-7.0.10/common/index/index.c:1795:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char write_buffer[WRITE_BUFFER_SIZE];
data/seafile-7.0.10/common/index/index.c:1803:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char write_buffer[WRITE_BUFFER_SIZE];
data/seafile-7.0.10/common/index/index.c:1826:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->write_buffer + buffered, data, partial);
data/seafile-7.0.10/common/index/index.c:1941:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, ce->name, ce_namelen(ce));
data/seafile-7.0.10/common/index/index.h:129:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/index/index.h:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0]; /* more */
data/seafile-7.0.10/common/index/index.h:148:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/index/index.h:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0]; /* more */
data/seafile-7.0.10/common/index/index.h:167:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/index/index.h:170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0]; /* more */
data/seafile-7.0.10/common/index/index.h:191:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/common/index/index.h:194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0]; /* more */
data/seafile-7.0.10/common/index/index.h:256:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, offsetof(struct cache_entry, modifier));
data/seafile-7.0.10/common/index/index.h:510:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char null_sha1[20];
data/seafile-7.0.10/common/index/index.h:521:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sha_dst, sha_src, 20);
data/seafile-7.0.10/common/log.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/seafile-7.0.10/common/log.c:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/seafile-7.0.10/common/obj-backend-fs.c:42:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pos, priv->v0_obj_dir, priv->v0_dir_len);
data/seafile-7.0.10/common/obj-backend-fs.c:51:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pos, obj_id, 2);
data/seafile-7.0.10/common/obj-backend-fs.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pos, obj_id + 2, 41 - 2);
data/seafile-7.0.10/common/obj-backend-fs.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/obj-backend-fs.c:167:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int dir_fd = open (parent_dir, O_RDONLY);
data/seafile-7.0.10/common/obj-backend-fs.c:226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/obj-backend-fs.c:299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/obj-backend-fs.c:333:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/obj-backend-fs.c:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/obj-backend-fs.c:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj_id[128];
data/seafile-7.0.10/common/obj-backend-fs.c:369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX], *pos;
data/seafile-7.0.10/common/obj-backend-fs.c:387:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (path, obj_dir, dir_len);
data/seafile-7.0.10/common/obj-backend-fs.c:425:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/obj-backend-fs.c:426:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_path[SEAF_PATH_MAX];
data/seafile-7.0.10/common/rpc-service.c:386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char allzeros[41] = {0};
data/seafile-7.0.10/common/seafile-crypt.c:34:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char salt[8] = { 0xda, 0x90, 0x45, 0xc3, 0x06, 0xc7, 0xcc, 0x26 };
data/seafile-7.0.10/common/seafile-crypt.c:42:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (crypt->key, key, 16);
data/seafile-7.0.10/common/seafile-crypt.c:44:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (crypt->key, key, 32);
data/seafile-7.0.10/common/seafile-crypt.c:45:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (crypt->iv, iv, 16);
data/seafile-7.0.10/common/seafile-crypt.c:67:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char repo_salt_bin[32];
data/seafile-7.0.10/common/seafile-crypt.c:121:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char repo_salt_bin[32];
data/seafile-7.0.10/common/seafile-crypt.c:145:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char secret_key[32], *rand_key;
data/seafile-7.0.10/common/seafile-crypt.c:147:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32], iv[16];
data/seafile-7.0.10/common/seafile-crypt.c:183:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32], iv[16];
data/seafile-7.0.10/common/seafile-crypt.c:205:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32], iv[16];
data/seafile-7.0.10/common/seafile-crypt.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[65];
data/seafile-7.0.10/common/seafile-crypt.c:237:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32], iv[16];
data/seafile-7.0.10/common/seafile-crypt.c:242:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (key_out, key, 16);
data/seafile-7.0.10/common/seafile-crypt.c:243:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (iv_out, iv, 16);
data/seafile-7.0.10/common/seafile-crypt.c:246:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_random_key[48], *dec_random_key;
data/seafile-7.0.10/common/seafile-crypt.c:270:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (key_out, key, 32);
data/seafile-7.0.10/common/seafile-crypt.c:271:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (iv_out, iv, 16);
data/seafile-7.0.10/common/seafile-crypt.c:285:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32], iv[16];
data/seafile-7.0.10/common/seafile-crypt.c:286:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char random_key_raw[48], *secret_key, *new_random_key_raw;
data/seafile-7.0.10/common/seafile-crypt.c:343:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data_in, in_len);
data/seafile-7.0.10/common/seafile-crypt.h:12:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32]; /* set when enc_version >= 1 */
data/seafile-7.0.10/common/seafile-crypt.h:13:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iv[16];
data/seafile-7.0.10/common/vc-common.c:371:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (parent, p1->commit_id, 41);
data/seafile-7.0.10/common/vc-common.c:393:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (parent, p1->commit_id, 41);
data/seafile-7.0.10/common/vc-common.c:395:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (parent, p2->commit_id, 41);
data/seafile-7.0.10/common/vc-common.c:400:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (parent, p1->commit_id, 41);
data/seafile-7.0.10/common/vc-common.c:405:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (parent, p2->commit_id, 41);
data/seafile-7.0.10/common/vc-common.c:428:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commit_id[41];
data/seafile-7.0.10/common/vc-common.c:438:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (commit_id, head, 41);
data/seafile-7.0.10/common/vc-common.c:588:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_buf[64];
data/seafile-7.0.10/daemon/cevent.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CEVENT_SIZE];
data/seafile-7.0.10/daemon/change-set.c:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_id[41];
data/seafile-7.0.10/daemon/change-set.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[41];
data/seafile-7.0.10/daemon/change-set.c:51:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dent->id, id, 40);
data/seafile-7.0.10/daemon/change-set.c:133:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dir->dir_id, id, 40);
data/seafile-7.0.10/daemon/change-set.c:253:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (changeset->repo_id, repo_id, 36);
data/seafile-7.0.10/daemon/change-set.c:306:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[41];
data/seafile-7.0.10/daemon/change-set.c:610:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dent->id, new_id, 40);
data/seafile-7.0.10/daemon/change-set.c:620:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dir->dir_id, seaf_dir->dir_id, 40);
data/seafile-7.0.10/daemon/change-set.c:672:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[41];
data/seafile-7.0.10/daemon/change-set.h:12:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/clone-mgr.c:165:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (task->server_head_id, result->head_commit, 40);
data/seafile-7.0.10/daemon/clone-mgr.c:289:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (task->repo_id, repo_id, 37);
data/seafile-7.0.10/daemon/clone-mgr.c:366:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/clone-mgr.c:395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/clone-mgr.c:436:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/clone-mgr.c:646:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/clone-mgr.c:1539:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (req->repo_id, task->repo_id, 36);
data/seafile-7.0.10/daemon/clone-mgr.h:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/clone-mgr.h:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peer_id[41];
data/seafile-7.0.10/daemon/clone-mgr.h:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char root_id[41];
data/seafile-7.0.10/daemon/clone-mgr.h:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_head_id[41];
data/seafile-7.0.10/daemon/filelock-mgr.c:468:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/filelock-mgr.c:488:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/filelock-mgr.c:704:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (info->repo_id, repo_id, 36);
data/seafile-7.0.10/daemon/filelock-mgr.h:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/http-tx-mgr.c:120:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (task->repo_id, repo_id, 36);
data/seafile-7.0.10/daemon/http-tx-mgr.c:689:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (rsp->content + rsp->size, contents, realsize);
data/seafile-7.0.10/daemon/http-tx-mgr.c:828:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, req->content, copy_size);
data/seafile-7.0.10/daemon/http-tx-mgr.c:1321:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[41];
data/seafile-7.0.10/daemon/http-tx-mgr.c:1332:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head_commit[41];
data/seafile-7.0.10/daemon/http-tx-mgr.c:1362:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data->head_commit, head_commit, 40);
data/seafile-7.0.10/daemon/http-tx-mgr.c:1442:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result.head_commit, data->head_commit, 40);
data/seafile-7.0.10/daemon/http-tx-mgr.c:1464:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data->repo_id, repo_id, 36);
data/seafile-7.0.10/daemon/http-tx-mgr.c:1644:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res->repo_id, repo_id, 36);
data/seafile-7.0.10/daemon/http-tx-mgr.c:1939:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res->repo_id, repo_id, 36);
data/seafile-7.0.10/daemon/http-tx-mgr.c:2636:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (opts.store_id, task->repo_id, 36);
data/seafile-7.0.10/daemon/http-tx-mgr.c:2642:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *trees[2];
data/seafile-7.0.10/daemon/http-tx-mgr.c:2852:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (opts.store_id, task->repo_id, 36);
data/seafile-7.0.10/daemon/http-tx-mgr.c:2858:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *trees[2];
data/seafile-7.0.10/daemon/http-tx-mgr.c:2983:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj_id[40];
data/seafile-7.0.10/daemon/http-tx-mgr.c:3022:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hdr.obj_id, obj_id, 40);
data/seafile-7.0.10/daemon/http-tx-mgr.c:3207:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (opts.store_id, task->repo_id, 36);
data/seafile-7.0.10/daemon/http-tx-mgr.c:3213:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *trees[2];
data/seafile-7.0.10/daemon/http-tx-mgr.c:3241:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_id[41];
data/seafile-7.0.10/daemon/http-tx-mgr.c:3324:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data.block_id, block_id, 40);
data/seafile-7.0.10/daemon/http-tx-mgr.c:3381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_id[41];
data/seafile-7.0.10/daemon/http-tx-mgr.c:3464:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (task->block_id, block_id, 40);
data/seafile-7.0.10/daemon/http-tx-mgr.c:3567:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (rsp_content_str, rsp_content, rsp_size);
data/seafile-7.0.10/daemon/http-tx-mgr.c:3649:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (task->head, local->commit_id, 40);
data/seafile-7.0.10/daemon/http-tx-mgr.c:3874:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (task->head, server_head_id, 40);
data/seafile-7.0.10/daemon/http-tx-mgr.c:4160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recv_obj_id[41];
data/seafile-7.0.10/daemon/http-tx-mgr.c:4165:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (recv_obj_id, hdr->obj_id, 40);
data/seafile-7.0.10/daemon/http-tx-mgr.c:4225:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_id[41];
data/seafile-7.0.10/daemon/http-tx-mgr.c:4295:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data.block_id, block_id, 40);
data/seafile-7.0.10/daemon/http-tx-mgr.h:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/http-tx-mgr.h:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[41];
data/seafile-7.0.10/daemon/http-tx-mgr.h:154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head_commit[41];
data/seafile-7.0.10/daemon/http-tx-mgr.h:174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/http-tx-mgr.h:180:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/http-tx-mgr.h:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/http-tx-mgr.h:217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/job-mgr.c:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/seafile-7.0.10/daemon/repo-mgr.c:123:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (file->file_id, file_id, 40);
data/seafile-7.0.10/daemon/repo-mgr.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:153:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret->repo_id, repo_id, 36);
data/seafile-7.0.10/daemon/repo-mgr.c:210:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (file->file_id, file_id, 40);
data/seafile-7.0.10/daemon/repo-mgr.c:241:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (file->file_id, file_id, 40);
data/seafile-7.0.10/daemon/repo-mgr.c:448:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:544:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:564:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:834:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->id, id, 36);
data/seafile-7.0.10/daemon/repo-mgr.c:960:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->root_id, commit->root_id, 40);
data/seafile-7.0.10/daemon/repo-mgr.c:964:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->magic, commit->magic, 32);
data/seafile-7.0.10/daemon/repo-mgr.c:966:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->magic, commit->magic, 64);
data/seafile-7.0.10/daemon/repo-mgr.c:967:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->random_key, commit->random_key, 96);
data/seafile-7.0.10/daemon/repo-mgr.c:970:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->magic, commit->magic, 64);
data/seafile-7.0.10/daemon/repo-mgr.c:971:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->random_key, commit->random_key, 96);
data/seafile-7.0.10/daemon/repo-mgr.c:972:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->salt, commit->salt, 64);
data/seafile-7.0.10/daemon/repo-mgr.c:975:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->magic, commit->magic, 64);
data/seafile-7.0.10/daemon/repo-mgr.c:976:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->random_key, commit->random_key, 96);
data/seafile-7.0.10/daemon/repo-mgr.c:977:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (repo->salt, commit->salt, 64);
data/seafile-7.0.10/daemon/repo-mgr.c:1518:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char allzero[20] = {0};
data/seafile-7.0.10/daemon/repo-mgr.c:1782:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char allzero[20] = {0};
data/seafile-7.0.10/daemon/repo-mgr.c:1882:5: [2] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
wcscat (pattern, L"\\*");
data/seafile-7.0.10/daemon/repo-mgr.c:1951:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/daemon/repo-mgr.c:2290:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char allzero[20] = {0};
data/seafile-7.0.10/daemon/repo-mgr.c:3468:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/repo-mgr.c:3589:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (job->repo_id, info->repo_id, 36);
data/seafile-7.0.10/daemon/repo-mgr.c:3634:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (job->repo_id, repo->id, 36);
data/seafile-7.0.10/daemon/repo-mgr.c:3651:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (job->repo_id, repo->id, 36);
data/seafile-7.0.10/daemon/repo-mgr.c:3970:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[41];
data/seafile-7.0.10/daemon/repo-mgr.c:3993:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_path[SEAF_PATH_MAX];
data/seafile-7.0.10/daemon/repo-mgr.c:3996:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commit_id[41];
data/seafile-7.0.10/daemon/repo-mgr.c:4038:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[41];
data/seafile-7.0.10/daemon/repo-mgr.c:4133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[41];
data/seafile-7.0.10/daemon/repo-mgr.c:4254:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ce->name, de->name, namelen);
data/seafile-7.0.10/daemon/repo-mgr.c:4257:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ce->sha1, de->sha1, 20);
data/seafile-7.0.10/daemon/repo-mgr.c:4273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/repo-mgr.c:4277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conflict_head_id[41];
data/seafile-7.0.10/daemon/repo-mgr.c:4313:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[41];
data/seafile-7.0.10/daemon/repo-mgr.c:4385:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[41];
data/seafile-7.0.10/daemon/repo-mgr.c:4561:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[41];
data/seafile-7.0.10/daemon/repo-mgr.c:4753:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data.repo_id, repo_id, 36);
data/seafile-7.0.10/daemon/repo-mgr.c:4757:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data.conflict_head_id, conflict_head_id, 40);
data/seafile-7.0.10/daemon/repo-mgr.c:4794:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[41];
data/seafile-7.0.10/daemon/repo-mgr.c:4838:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ce->sha1, de->sha1, 20);
data/seafile-7.0.10/daemon/repo-mgr.c:4885:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/daemon/repo-mgr.c:4915:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj_id[41];
data/seafile-7.0.10/daemon/repo-mgr.c:5033:5: [2] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
wcscat (pattern, L"\\*");
data/seafile-7.0.10/daemon/repo-mgr.c:5305:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[41];
data/seafile-7.0.10/daemon/repo-mgr.c:5365:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_path[SEAF_PATH_MAX];
data/seafile-7.0.10/daemon/repo-mgr.c:5487:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_key[32], enc_iv[16];
data/seafile-7.0.10/daemon/repo-mgr.c:5973:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:6005:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:6053:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:6069:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:6098:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/daemon/repo-mgr.c:6358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:6396:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:6449:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/repo-mgr.c:6554:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int interval = atoi(value);
data/seafile-7.0.10/daemon/repo-mgr.c:6802:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int interval = atoi(value);
data/seafile-7.0.10/daemon/repo-mgr.c:6893:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[512];
data/seafile-7.0.10/daemon/repo-mgr.c:6894:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[65], iv[33];
data/seafile-7.0.10/daemon/repo-mgr.c:7174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/seafile-7.0.10/daemon/repo-mgr.h:67:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_key[32]; /* 256-bit encryption key */
data/seafile-7.0.10/daemon/repo-mgr.h:68:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_iv[16];
data/seafile-7.0.10/daemon/repo-mgr.h:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[41];
data/seafile-7.0.10/daemon/repo-mgr.h:344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/seaf-daemon.c:287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32767] = {0};
data/seafile-7.0.10/daemon/seaf-daemon.c:301:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userNameBuf[bufCharCount];
data/seafile-7.0.10/daemon/seafile-config.c:11:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/seafile-config.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/seafile-config.c:69:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret = atoi (value);
data/seafile-7.0.10/daemon/seafile-config.c:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/seafile-config.c:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/seafile-session.c:304:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[20];
data/seafile-7.0.10/daemon/seafile-session.c:305:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sha1[41];
data/seafile-7.0.10/daemon/seafile-session.c:481:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/seafile-7.0.10/daemon/sync-mgr.c:178:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (info->repo_id, repo_id, 36);
data/seafile-7.0.10/daemon/sync-mgr.c:909:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (info->head_commit, result->head_commit, 40);
data/seafile-7.0.10/daemon/sync-mgr.c:1446:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[41];
data/seafile-7.0.10/daemon/sync-mgr.c:1594:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_path[SEAF_PATH_MAX];
data/seafile-7.0.10/daemon/sync-mgr.c:1731:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (req->repo_id, repo->id, 36);
data/seafile-7.0.10/daemon/sync-mgr.c:1860:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (req->repo_id, repo->id, 36);
data/seafile-7.0.10/daemon/sync-mgr.c:2065:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (info->head_commit, tx_task->head, 41);
data/seafile-7.0.10/daemon/sync-mgr.c:2095:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (info->head_commit, tx_task->head, 41);
data/seafile-7.0.10/daemon/sync-mgr.c:2347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char allzeros[41] = {0};
data/seafile-7.0.10/daemon/sync-mgr.h:15:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[41]; /* the repo */
data/seafile-7.0.10/daemon/sync-mgr.h:16:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head_commit[41]; /* head commit on relay */
data/seafile-7.0.10/daemon/vc-utils.c:46:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[41];
data/seafile-7.0.10/daemon/vc-utils.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_shadow[SEAF_PATH_MAX];
data/seafile-7.0.10/daemon/vc-utils.c:304:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sha1, cdc.file_sum, 20);
data/seafile-7.0.10/daemon/vc-utils.c:316:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-7.0.10/daemon/vc-utils.c:400:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SEAF_PATH_MAX];
data/seafile-7.0.10/daemon/vc-utils.c:538:5: [2] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
wcscat (pattern, L"\\*");
data/seafile-7.0.10/daemon/wt-monitor-linux.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX];
data/seafile-7.0.10/daemon/wt-monitor-linux.c:308:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (info->last_event.name, event->name, event->len);
data/seafile-7.0.10/daemon/wt-monitor-structs.c:42:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (status->repo_id, repo_id, 36);
data/seafile-7.0.10/daemon/wt-monitor-structs.h:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/wt-monitor-win32.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIR_WATCH_BUFSIZE];
data/seafile-7.0.10/daemon/wt-monitor-win32.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SEAF_PATH_MAX];
data/seafile-7.0.10/daemon/wt-monitor-win32.c:422:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (info->last_event.name, event->FileName, event->FileNameLength);
data/seafile-7.0.10/daemon/wt-monitor.c:48:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cmd.repo_id, repo_id, 37);
data/seafile-7.0.10/daemon/wt-monitor.c:77:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cmd.repo_id, repo_id, 37);
data/seafile-7.0.10/daemon/wt-monitor.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cmd.repo_id, repo_id, 37);
data/seafile-7.0.10/daemon/wt-monitor.h:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repo_id[37];
data/seafile-7.0.10/daemon/wt-monitor.h:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char worktree[SEAF_PATH_MAX];
data/seafile-7.0.10/lib/net.c:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/seafile-7.0.10/lib/net.c:329:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[128]; /* Unix domain is largest */
data/seafile-7.0.10/lib/net.c:358:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "(no pathname bound)");
data/seafile-7.0.10/lib/net.c:466:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*saptr, res->ai_addr, res->ai_addrlen);
data/seafile-7.0.10/lib/net.c:543:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sarecv, sasend, salen);
data/seafile-7.0.10/lib/net.c:582:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&req.gr_group, grp, grplen);
data/seafile-7.0.10/lib/net.c:594:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mreq.imr_multiaddr.s_addr,
data/seafile-7.0.10/lib/net.c:609:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mreq.imr_interface,
data/seafile-7.0.10/lib/net.c:628:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mreq6.ipv6mr_multiaddr,
data/seafile-7.0.10/lib/net.c:673:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sarecv, sasend, salen);
data/seafile-7.0.10/lib/utils.c:103:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, len);
data/seafile-7.0.10/lib/utils.c:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subdir[SEAF_PATH_MAX];
data/seafile-7.0.10/lib/utils.c:161:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subdir, base, len);
data/seafile-7.0.10/lib/utils.c:182:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, base, len);
data/seafile-7.0.10/lib/utils.c:312:5: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy (fullpath_w, L"\\\\?\\");
data/seafile-7.0.10/lib/utils.c:562:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open (path, flags);
data/seafile-7.0.10/lib/utils.c:599:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open (path, flags, mode);
data/seafile-7.0.10/lib/utils.c:676:5: [2] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
wcscat (pattern, L"\\*");
data/seafile-7.0.10/lib/utils.c:1045:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8192];
data/seafile-7.0.10/lib/utils.c:1089:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_path[SEAF_PATH_MAX + 1];
data/seafile-7.0.10/lib/utils.c:1096:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_path, home, strlen(home));
data/seafile-7.0.10/lib/utils.c:1100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, q, strlen(q));
data/seafile-7.0.10/lib/utils.c:1111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_path[SEAF_PATH_MAX + 1];
data/seafile-7.0.10/lib/utils.c:1136:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new_path, src, len);
data/seafile-7.0.10/lib/utils.c:1144:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new_path, pw->pw_dir, len);
data/seafile-7.0.10/lib/utils.c:1180:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (next_out, ntoken, len);
data/seafile-7.0.10/lib/utils.c:1283:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid_str, str, 37);
data/seafile-7.0.10/lib/utils.c:1295:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, str, 37);
data/seafile-7.0.10/lib/utils.c:1453:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[sizeof(struct in6_addr)];
data/seafile-7.0.10/lib/utils.c:1781:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/seafile-7.0.10/lib/utils.c:1798:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char process_name[SEAF_PATH_MAX];
data/seafile-7.0.10/lib/utils.c:1825:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SEAF_PATH_MAX];
data/seafile-7.0.10/lib/utils.c:1826:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char process_name[SEAF_PATH_MAX];
data/seafile-7.0.10/lib/utils.c:2010:15: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
bufsize = MultiByteToWideChar
data/seafile-7.0.10/lib/utils.c:2024:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
len = MultiByteToWideChar
data/seafile-7.0.10/lib/utils.c:2048:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[512];
data/seafile-7.0.10/lib/utils.c:2054:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SEAF_PATH_MAX];
data/seafile-7.0.10/lib/utils.c:2068:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(dir->d_name);
data/seafile-7.0.10/lib/utils.c:2373:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[ZLIB_BUF_SIZE];
data/seafile-7.0.10/msi/custom/custom.c:85:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (path2, path, strlen(path));
data/seafile-7.0.10/common/block-backend-fs.c:63:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_val_if_fail (strlen(block_id) == 40, NULL);
data/seafile-7.0.10/common/block-backend-fs.c:278:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir_len = strlen (block_dir);
data/seafile-7.0.10/common/block-backend-fs.c:464:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
priv->v0_block_dir_len = strlen(priv->v0_block_dir);
data/seafile-7.0.10/common/block-backend-fs.c:467:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
priv->block_dir_len = strlen (priv->block_dir);
data/seafile-7.0.10/common/block-backend-fs.c:470:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
priv->tmp_dir_len = strlen (tmp_dir);
data/seafile-7.0.10/common/commit-mgr.c:48:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_checksum_update (ctx, (guchar *)commit->creator_name, strlen(commit->creator_name)+1);
data/seafile-7.0.10/common/commit-mgr.c:49:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_checksum_update (ctx, (guchar *)commit->desc, strlen(commit->desc)+1);
data/seafile-7.0.10/common/commit-mgr.c:118:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen (json_data);
data/seafile-7.0.10/common/commit-mgr.c:734:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!creator || strlen(creator) != 40 ||
data/seafile-7.0.10/common/commit-mgr.c:743:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!magic || strlen(magic) != 32)
data/seafile-7.0.10/common/commit-mgr.c:747:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!magic || strlen(magic) != 64)
data/seafile-7.0.10/common/commit-mgr.c:749:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!random_key || strlen(random_key) != 96)
data/seafile-7.0.10/common/commit-mgr.c:753:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!magic || strlen(magic) != 64)
data/seafile-7.0.10/common/commit-mgr.c:755:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!random_key || strlen(random_key) != 96)
data/seafile-7.0.10/common/commit-mgr.c:757:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!salt || strlen(salt) != 64)
data/seafile-7.0.10/common/commit-mgr.c:761:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!magic || strlen(magic) != 64)
data/seafile-7.0.10/common/commit-mgr.c:763:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!random_key || strlen(random_key) != 96)
data/seafile-7.0.10/common/commit-mgr.c:765:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!salt || strlen(salt) != 64)
data/seafile-7.0.10/common/commit-mgr.c:826:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!commit_id || strlen(commit_id) != 40)
data/seafile-7.0.10/common/commit-mgr.c:872:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (data);
data/seafile-7.0.10/common/diff-simple.c:630:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir_len = strlen (de_dir->name);
data/seafile-7.0.10/common/diff-simple.c:631:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (de_file->name) > dir_len &&
data/seafile-7.0.10/common/diff-simple.c:639:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir_len = strlen (de_dir->name);
data/seafile-7.0.10/common/diff-simple.c:640:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (de_file->name) > dir_len &&
data/seafile-7.0.10/common/diff-simple.c:719:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(de->name), de->name);
data/seafile-7.0.10/common/diff-simple.c:723:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(de->name), de->name,
data/seafile-7.0.10/common/diff-simple.c:724:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(de->new_name), de->new_name);
data/seafile-7.0.10/common/fs-mgr.c:447:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*ondisk_size = strlen(data);
data/seafile-7.0.10/common/fs-mgr.c:485:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ondisk_size = strlen(data);
data/seafile-7.0.10/common/fs-mgr.c:635:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_checksum_update (ctx, (unsigned char *)uuid, strlen(uuid));
data/seafile-7.0.10/common/fs-mgr.c:649:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_checksum_update (ctx, (unsigned char *)uuid, strlen(uuid));
data/seafile-7.0.10/common/fs-mgr.c:1155:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(data);
data/seafile-7.0.10/common/fs-mgr.c:1301:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dent->name_len = strlen(name);
data/seafile-7.0.10/common/fs-mgr.c:1439:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirent->name_len = strlen(name);
data/seafile-7.0.10/common/fs-mgr.c:1620:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(data);
data/seafile-7.0.10/common/fs-mgr.c:2378:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int off = strlen(copy) - 1;
data/seafile-7.0.10/common/fs-mgr.c:2388:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(copy) == 0) {
data/seafile-7.0.10/common/index/cache-tree.c:117:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pathlen = strlen(path);
data/seafile-7.0.10/common/index/cache-tree.c:144:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(path);
data/seafile-7.0.10/common/index/cache-tree.c:208:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int this_len = strlen(this_name);
data/seafile-7.0.10/common/index/cache-tree.c:209:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (this_len < strlen(next_name) &&
data/seafile-7.0.10/common/index/cache-tree.c:503:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slash = path + strlen(path);
data/seafile-7.0.10/common/index/index.c:129:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/seafile-7.0.10/common/index/index.c:171:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/seafile-7.0.10/common/index/index.c:745:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pos = index_name_pos(istate, path, strlen(path));
data/seafile-7.0.10/common/index/index.c:771:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int matchlen = strlen(match);
data/seafile-7.0.10/common/index/index.c:863:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (index_name_exists (istate, parent, strlen(parent), 0) != NULL) {
data/seafile-7.0.10/common/index/index.c:980:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(path);
data/seafile-7.0.10/common/index/index.c:1082:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int this_len = strlen (ce->name) + 1;
data/seafile-7.0.10/common/index/index.c:1105:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(path);
data/seafile-7.0.10/common/index/index.c:1165:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pathlen = strlen(path_prefix);
data/seafile-7.0.10/common/index/index.c:1242:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int src_pathlen = strlen(src_path);
data/seafile-7.0.10/common/index/index.c:1246:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namelen = strlen(new_ce_name);
data/seafile-7.0.10/common/index/index.c:1269:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int src_pathlen = strlen(src_path);
data/seafile-7.0.10/common/index/index.c:1384:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dst_pathlen = strlen(dst_path);
data/seafile-7.0.10/common/index/index.c:1434:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pathlen = strlen(path);
data/seafile-7.0.10/common/index/index.c:1554:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathlen = strlen(dir);
data/seafile-7.0.10/common/index/index.c:1650:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/seafile-7.0.10/common/index/index.h:274:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(ce->name + CE_NAMEMASK) + CE_NAMEMASK;
data/seafile-7.0.10/common/obj-backend-fs.c:380:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir_len = strlen (obj_dir);
data/seafile-7.0.10/common/obj-backend-fs.c:516:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
priv->v0_dir_len = strlen(priv->v0_obj_dir);
data/seafile-7.0.10/common/obj-backend-fs.c:519:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
priv->dir_len = strlen (priv->obj_dir);
data/seafile-7.0.10/common/obj-backend.h:10:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read) (ObjBackend *bend,
data/seafile-7.0.10/common/obj-store.c:60:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return bend->read (bend, repo_id, version, obj_id, data, len);
data/seafile-7.0.10/common/rpc-service.c:192:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!repo_id || strlen(repo_id) != 36) {
data/seafile-7.0.10/common/rpc-service.c:234:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!repo_id || strlen(repo_id) != 36) {
data/seafile-7.0.10/common/rpc-service.c:529:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(canon_path);
data/seafile-7.0.10/common/rpc-service.c:565:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(canon_path);
data/seafile-7.0.10/common/rpc-service.c:597:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(canon_path);
data/seafile-7.0.10/common/seafile-crypt.c:161:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seafile_derive_key (passwd, strlen(passwd), version, repo_salt, key, iv);
data/seafile-7.0.10/common/seafile-crypt.c:239:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seafile_derive_key (passwd, strlen(passwd), enc_version, repo_salt, key, iv);
data/seafile-7.0.10/common/seafile-crypt.c:291:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seafile_derive_key (old_passwd, strlen(old_passwd), enc_version,
data/seafile-7.0.10/common/seafile-crypt.c:307:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seafile_derive_key (new_passwd, strlen(new_passwd), enc_version,
data/seafile-7.0.10/daemon/change-set.c:568:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(parent) >= strlen(top_dir)) {
data/seafile-7.0.10/daemon/change-set.c:568:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(parent) >= strlen(top_dir)) {
data/seafile-7.0.10/daemon/clone-mgr.c:196:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(url) <= strlen("http://"))
data/seafile-7.0.10/daemon/clone-mgr.c:196:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(url) <= strlen("http://"))
data/seafile-7.0.10/daemon/clone-mgr.c:200:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host = url + strlen("http://");
data/seafile-7.0.10/daemon/clone-mgr.c:798:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tail = strlen (path) - 1;
data/seafile-7.0.10/daemon/clone-mgr.c:1065:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!random_key || strlen(random_key) != 96) {
data/seafile-7.0.10/daemon/clone-mgr.c:1070:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (enc_version >= 3 && (!(repo_salt) || strlen(repo_salt) != 64) ) {
data/seafile-7.0.10/daemon/http-tx-mgr.c:758:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gboolean is_https = (strncasecmp(url, "https", strlen("https")) == 0);
data/seafile-7.0.10/daemon/http-tx-mgr.c:904:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gboolean is_https = (strncasecmp(url, "https", strlen("https")) == 0);
data/seafile-7.0.10/daemon/http-tx-mgr.c:1031:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gboolean is_https = (strncasecmp(url, "https", strlen("https")) == 0);
data/seafile-7.0.10/daemon/http-tx-mgr.c:1525:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path);
data/seafile-7.0.10/daemon/http-tx-mgr.c:1639:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(repo_id) != 36) {
data/seafile-7.0.10/daemon/http-tx-mgr.c:1763:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (http_post (curl, url, NULL, req_content, strlen(req_content),
data/seafile-7.0.10/daemon/http-tx-mgr.c:1934:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(repo_id) != 36) {
data/seafile-7.0.10/daemon/http-tx-mgr.c:2044:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (http_post (curl, url, NULL, req_content, strlen(req_content),
data/seafile-7.0.10/daemon/http-tx-mgr.c:2322:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
req_size = strlen(req_content);
data/seafile-7.0.10/daemon/http-tx-mgr.c:2917:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(data);
data/seafile-7.0.10/daemon/http-tx-mgr.c:4126:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(data);
data/seafile-7.0.10/daemon/repo-mgr.c:597:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(folder);
data/seafile-7.0.10/daemon/repo-mgr.c:1172:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) >= SEAF_DIR_NAME_LEN)
data/seafile-7.0.10/daemon/repo-mgr.c:1265:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (istate, path, strlen(path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:1323:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (istate, path, strlen(path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:1350:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (istate, path, strlen(path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:1498:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:1762:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:1878:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len_w = wcslen(path_w);
data/seafile-7.0.10/daemon/repo-mgr.c:1958:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(full_prefix);
data/seafile-7.0.10/daemon/repo-mgr.c:2123:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (full_dir, path, strlen(full_dir)) == 0) {
data/seafile-7.0.10/daemon/repo-mgr.c:2191:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (full_dir, path, strlen(full_dir)) == 0) {
data/seafile-7.0.10/daemon/repo-mgr.c:2253:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (istate, path, strlen(path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:2313:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (index_name_exists (istate, path, strlen(path), 0) != NULL)
data/seafile-7.0.10/daemon/repo-mgr.c:2343:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (index_name_exists (istate, path, strlen(path), 0) != NULL)
data/seafile-7.0.10/daemon/repo-mgr.c:2370:58: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcslen(parent_dir_w));
data/seafile-7.0.10/daemon/repo-mgr.c:2411:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (istate, path, strlen(path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:2459:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strchr (path, '~') || path[strlen(path)-1] == '~')
data/seafile-7.0.10/daemon/repo-mgr.c:2475:63: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir_w = win32_83_path_to_long_path (worktree, path_w, wcslen(path_w));
data/seafile-7.0.10/daemon/repo-mgr.c:2511:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (full_s, dir, strlen(full_s)) == 0) {
data/seafile-7.0.10/daemon/repo-mgr.c:2819:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct cache_entry *ce = index_name_exists(istate, path, strlen(path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:2951:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct cache_entry *ce = index_name_exists(istate, path, strlen(path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:3046:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct cache_entry *ce = index_name_exists(istate, path, strlen(path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:3315:9: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(dname_w) < 2)
data/seafile-7.0.10/daemon/repo-mgr.c:3742:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct cache_entry *ce = index_name_exists(istate, event->path, strlen(event->path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:4216:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = build_checkout_path (worktree, name, strlen(name));
data/seafile-7.0.10/daemon/repo-mgr.c:4251:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(de->name);
data/seafile-7.0.10/daemon/repo-mgr.c:4437:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (istate, de->name, strlen(de->name), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:4457:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = build_checkout_path (worktree, de->name, strlen(de->name));
data/seafile-7.0.10/daemon/repo-mgr.c:4680:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (istate, de->name, strlen(de->name), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:4963:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_path = build_checkout_path (worktree, de->new_name, strlen(de->new_name));
data/seafile-7.0.10/daemon/repo-mgr.c:5029:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len_w = wcslen(path_w);
data/seafile-7.0.10/daemon/repo-mgr.c:5053:52: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_path_w = g_new0 (wchar_t, path_len_w + wcslen(fdata.cFileName) + 2);
data/seafile-7.0.10/daemon/repo-mgr.c:5055:9: [1] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
wcscat (sub_path_w, L"\\");
data/seafile-7.0.10/daemon/repo-mgr.c:5071:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (istate, sub_path, strlen(sub_path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:5170:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (istate, sub_path, strlen(sub_path), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:5522:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (&istate, de->name, strlen(de->name), 0);
data/seafile-7.0.10/daemon/repo-mgr.c:7195:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path[strlen(path)-1] == '/')
data/seafile-7.0.10/daemon/seaf-daemon.c:289:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CryptBinaryToString((BYTE*) input, strlen(input), CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, buf, &retlen);
data/seafile-7.0.10/daemon/seafile-session.c:269:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(jerror.text) > 0)
data/seafile-7.0.10/daemon/sync-mgr.c:1292:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(url) <= strlen("http://"))
data/seafile-7.0.10/daemon/sync-mgr.c:1292:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(url) <= strlen("http://"))
data/seafile-7.0.10/daemon/sync-mgr.c:1296:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host = url + strlen("http://");
data/seafile-7.0.10/daemon/sync-mgr.c:1468:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ce = index_name_exists (istate, path, strlen(path), 0);
data/seafile-7.0.10/daemon/vc-utils.c:227:38: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subpath_w = g_new0 (wchar_t, wcslen(parent) + wcslen(fdata->cFileName) + 2);
data/seafile-7.0.10/daemon/vc-utils.c:227:55: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subpath_w = g_new0 (wchar_t, wcslen(parent) + wcslen(fdata->cFileName) + 2);
data/seafile-7.0.10/daemon/vc-utils.c:229:9: [1] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
wcscat (subpath_w, L"\\");
data/seafile-7.0.10/daemon/vc-utils.c:358:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int base_len = strlen(worktree);
data/seafile-7.0.10/daemon/vc-utils.c:402:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(name);
data/seafile-7.0.10/daemon/vc-utils.c:534:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len_w = wcslen(path_w);
data/seafile-7.0.10/daemon/vc-utils.c:552:52: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_path_w = g_new0 (wchar_t, path_len_w + wcslen(fdata.cFileName) + 2);
data/seafile-7.0.10/daemon/vc-utils.c:554:9: [1] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
wcscat (sub_path_w, L"\\");
data/seafile-7.0.10/daemon/wt-monitor-macos.c:130:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = event_path_nfc + strlen(worktree);
data/seafile-7.0.10/daemon/wt-monitor-macos.c:137:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(filename);
data/seafile-7.0.10/daemon/wt-monitor-macos.c:201:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = event_path_nfc + strlen(worktree);
data/seafile-7.0.10/daemon/wt-monitor-macos.c:208:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(dirname);
data/seafile-7.0.10/lib/net.c:605:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifreq.ifr_name, ifname, IFNAMSIZ);
data/seafile-7.0.10/lib/utils.c:99:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ret = strlen(src);
data/seafile-7.0.10/lib/utils.c:118:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = (char *)path + strlen(path) - 1;
data/seafile-7.0.10/lib/utils.c:139:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = (char *)path + strlen(path) - 1;
data/seafile-7.0.10/lib/utils.c:160:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base);
data/seafile-7.0.10/lib/utils.c:181:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base);
data/seafile-7.0.10/lib/utils.c:309:14: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wt_len = wcslen(worktree_w);
data/seafile-7.0.10/lib/utils.c:314:5: [1] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
wcscat (fullpath_w, L"\\");
data/seafile-7.0.10/lib/utils.c:315:5: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
wcsncat (fullpath_w, path, path_len);
data/seafile-7.0.10/lib/utils.c:672:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len_w = wcslen(path_w);
data/seafile-7.0.10/lib/utils.c:726:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path);
data/seafile-7.0.10/lib/utils.c:798:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( (nread = read(fd, ptr, nleft)) < 0) {
data/seafile-7.0.10/lib/utils.c:847:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( (nread = read(fd, ptr, nleft)) < 0)
data/seafile-7.0.10/lib/utils.c:1015:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read (fd, buf, len);
data/seafile-7.0.10/lib/utils.c:1096:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(new_path, home, strlen(home));
data/seafile-7.0.10/lib/utils.c:1097:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(new_path);
data/seafile-7.0.10/lib/utils.c:1100:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(p, q, strlen(q));
data/seafile-7.0.10/lib/utils.c:1105:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = new_path + strlen(new_path) - 1;
data/seafile-7.0.10/lib/utils.c:1118:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) > SEAF_PATH_MAX)
data/seafile-7.0.10/lib/utils.c:1143:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (pw->pw_dir);
data/seafile-7.0.10/lib/utils.c:1203:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/seafile-7.0.10/lib/utils.c:1319:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(obj_id);
data/seafile-7.0.10/lib/utils.c:1739:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(src), /* len of src */
data/seafile-7.0.10/lib/utils.c:1764:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(src), /* len of src */
data/seafile-7.0.10/lib/utils.c:2426:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int path_len = strlen (path);
data/seafile-7.0.10/lib/utils.c:2461:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path);
data/seafile-7.0.10/lib/utils.c:2474:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(url);
data/seafile-7.0.10/msi/custom/custom.c:83:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(path);
data/seafile-7.0.10/msi/custom/custom.c:85:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (path2, path, strlen(path));
ANALYSIS SUMMARY:
Hits = 693
Lines analyzed = 47172 in approximately 0.98 seconds (48219 lines/second)
Physical Source Lines of Code (SLOC) = 36395
Hits@level = [0] 91 [1] 176 [2] 383 [3] 3 [4] 126 [5] 5
Hits@level+ = [0+] 784 [1+] 693 [2+] 517 [3+] 134 [4+] 131 [5+] 5
Hits/KSLOC@level+ = [0+] 21.5414 [1+] 19.0411 [2+] 14.2052 [3+] 3.68182 [4+] 3.5994 [5+] 0.137382
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.