Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/serf-1.3.9/auth/auth.c
Examining data/serf-1.3.9/auth/auth.h
Examining data/serf-1.3.9/auth/auth_basic.c
Examining data/serf-1.3.9/auth/auth_digest.c
Examining data/serf-1.3.9/auth/auth_spnego.c
Examining data/serf-1.3.9/auth/auth_spnego.h
Examining data/serf-1.3.9/auth/auth_spnego_gss.c
Examining data/serf-1.3.9/auth/auth_spnego_sspi.c
Examining data/serf-1.3.9/buckets/allocator.c
Examining data/serf-1.3.9/buckets/barrier_buckets.c
Examining data/serf-1.3.9/buckets/buckets.c
Examining data/serf-1.3.9/buckets/bwtp_buckets.c
Examining data/serf-1.3.9/buckets/chunk_buckets.c
Examining data/serf-1.3.9/buckets/dechunk_buckets.c
Examining data/serf-1.3.9/buckets/deflate_buckets.c
Examining data/serf-1.3.9/buckets/file_buckets.c
Examining data/serf-1.3.9/buckets/headers_buckets.c
Examining data/serf-1.3.9/buckets/iovec_buckets.c
Examining data/serf-1.3.9/buckets/limit_buckets.c
Examining data/serf-1.3.9/buckets/mmap_buckets.c
Examining data/serf-1.3.9/buckets/request_buckets.c
Examining data/serf-1.3.9/buckets/response_body_buckets.c
Examining data/serf-1.3.9/buckets/response_buckets.c
Examining data/serf-1.3.9/buckets/simple_buckets.c
Examining data/serf-1.3.9/buckets/socket_buckets.c
Examining data/serf-1.3.9/buckets/ssl_buckets.c
Examining data/serf-1.3.9/buckets/aggregate_buckets.c
Examining data/serf-1.3.9/context.c
Examining data/serf-1.3.9/incoming.c
Examining data/serf-1.3.9/outgoing.c
Examining data/serf-1.3.9/serf.h
Examining data/serf-1.3.9/serf_bucket_types.h
Examining data/serf-1.3.9/serf_bucket_util.h
Examining data/serf-1.3.9/serf_private.h
Examining data/serf-1.3.9/ssltunnel.c
Examining data/serf-1.3.9/test/CuTest.c
Examining data/serf-1.3.9/test/CuTest.h
Examining data/serf-1.3.9/test/mock_buckets.c
Examining data/serf-1.3.9/test/serf_bwtp.c
Examining data/serf-1.3.9/test/serf_get.c
Examining data/serf-1.3.9/test/serf_request.c
Examining data/serf-1.3.9/test/serf_response.c
Examining data/serf-1.3.9/test/serf_server.c
Examining data/serf-1.3.9/test/serf_spider.c
Examining data/serf-1.3.9/test/server/test_server.c
Examining data/serf-1.3.9/test/server/test_server.h
Examining data/serf-1.3.9/test/server/test_sslserver.c
Examining data/serf-1.3.9/test/test_all.c
Examining data/serf-1.3.9/test/test_auth.c
Examining data/serf-1.3.9/test/test_buckets.c
Examining data/serf-1.3.9/test/test_context.c
Examining data/serf-1.3.9/test/test_serf.h
Examining data/serf-1.3.9/test/test_ssl.c
Examining data/serf-1.3.9/test/test_util.c

FINAL RESULTS:

data/serf-1.3.9/buckets/buckets.c:595:9: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, argp);
data/serf-1.3.9/buckets/buckets.c:606:9: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, argp);
data/serf-1.3.9/buckets/buckets.c:641:9: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, argp);
data/serf-1.3.9/buckets/request_buckets.c:133:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, "%" APR_INT64_T_FMT, ctx->len);
data/serf-1.3.9/test/CuTest.c:51:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newStr, old);
data/serf-1.3.9/test/CuTest.c:101:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(str->buffer, text);
data/serf-1.3.9/test/CuTest.c:117:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, format, argp);
data/serf-1.3.9/test/CuTest.c:185:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s:%d: ", file, line);
data/serf-1.3.9/auth/auth_digest.c:112:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ha1[APR_MD5_DIGESTSIZE];
data/serf-1.3.9/auth/auth_digest.c:139:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ha2[APR_MD5_DIGESTSIZE];
data/serf-1.3.9/auth/auth_digest.c:170:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char response_hdr[APR_MD5_DIGESTSIZE];
data/serf-1.3.9/auth/auth_digest.c:533:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char resp_hdr[APR_MD5_DIGESTSIZE];
data/serf-1.3.9/buckets/buckets.c:138:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newstr, str, size);
data/serf-1.3.9/buckets/buckets.c:149:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newmem, mem, size);
data/serf-1.3.9/buckets/buckets.c:159:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newstr, str, size);
data/serf-1.3.9/buckets/buckets.c:179:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c, vec[i].iov_base, vec[i].iov_len);
data/serf-1.3.9/buckets/buckets.c:552:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&linebuf->line[linebuf->used], data, len);
data/serf-1.3.9/buckets/buckets.c:624:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/serf-1.3.9/buckets/buckets.c:630:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/serf-1.3.9/buckets/bwtp_buckets.c:39:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open;
data/serf-1.3.9/buckets/bwtp_buckets.c:44:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char req_line[1000];
data/serf-1.3.9/buckets/bwtp_buckets.c:237:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (ctx->open ? "OPEN " : ""),
data/serf-1.3.9/buckets/chunk_buckets.c:40:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chunk_hdr[20];
data/serf-1.3.9/buckets/deflate_buckets.c:34:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char deflate_magic[2] = { '\037', '\213' };
data/serf-1.3.9/buckets/deflate_buckets.c:60:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hdr_buffer[DEFLATE_MAGIC_SIZE];
data/serf-1.3.9/buckets/deflate_buckets.c:61:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[DEFLATE_BUFFER_SIZE];
data/serf-1.3.9/buckets/deflate_buckets.c:165:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->hdr_buffer + (ctx->stream_size - ctx->stream_left),
data/serf-1.3.9/buckets/headers_buckets.c:178:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_val, val, value_size);
data/serf-1.3.9/buckets/headers_buckets.c:180:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_val + value_size + 1, found->value,
data/serf-1.3.9/buckets/request_buckets.c:132:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[30];
data/serf-1.3.9/buckets/response_buckets.c:462:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/serf-1.3.9/buckets/simple_buckets.c:70:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)ctx->original, data, len);
data/serf-1.3.9/buckets/ssl_buckets.c:290:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(in, data, len);
data/serf-1.3.9/buckets/ssl_buckets.c:564:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/serf-1.3.9/buckets/ssl_buckets.c:881:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, data, *len);
data/serf-1.3.9/buckets/ssl_buckets.c:941:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vecs_data + cur, vecs[i].iov_base, vecs[i].iov_len);
data/serf-1.3.9/buckets/ssl_buckets.c:1028:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + *len, vecs[i].iov_base, vecs[i].iov_len);
data/serf-1.3.9/buckets/ssl_buckets.c:1524:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(file_path, "r");
data/serf-1.3.9/buckets/ssl_buckets.c:1685:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/serf-1.3.9/buckets/ssl_buckets.c:1775:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char md[EVP_MAX_MD_SIZE];
data/serf-1.3.9/buckets/ssl_buckets.c:1782:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fingerprint[EVP_MAX_MD_SIZE * 3];
data/serf-1.3.9/buckets/ssl_buckets.c:1802:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/serf-1.3.9/serf.h:1029:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[SERF_LINEBUF_LIMIT];
data/serf-1.3.9/serf_bucket_util.h:245:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SERF_DATABUF_BUFSIZE];
data/serf-1.3.9/test/CuTest.c:106:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[2];
data/serf-1.3.9/test/CuTest.c:115:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[HUGE_STRING_LEN];
data/serf-1.3.9/test/CuTest.c:131:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str->buffer + pos, text, length);
data/serf-1.3.9/test/CuTest.c:183:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[HUGE_STRING_LEN];
data/serf-1.3.9/test/CuTest.c:267:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STRING_MAX];
data/serf-1.3.9/test/CuTest.c:269:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "expected <%d> but was <%d>", expected, actual);
data/serf-1.3.9/test/CuTest.c:276:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STRING_MAX];
data/serf-1.3.9/test/CuTest.c:278:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "expected <%lf> but was <%lf>", expected, actual);
data/serf-1.3.9/test/CuTest.c:285:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STRING_MAX];
data/serf-1.3.9/test/CuTest.c:287:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "expected pointer <0x%p> but was <0x%p>", expected, actual);
data/serf-1.3.9/test/serf_bwtp.c:521:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(authn, "Basic ");
data/serf-1.3.9/test/serf_bwtp.c:622:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/serf-1.3.9/test/serf_get.c:664:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/serf-1.3.9/test/serf_server.c:141:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/serf-1.3.9/test/serf_spider.c:256:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dup->path, ctx->path, ctx->path_len);
data/serf-1.3.9/test/serf_spider.c:392:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_ctx->path, path, new_ctx->path_len + 1);
data/serf-1.3.9/test/serf_spider.c:399:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_ctx->query, query, new_ctx->query_len + 1);
data/serf-1.3.9/test/serf_spider.c:412:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_ctx->fragment, fragment, new_ctx->fragment_len + 1);
data/serf-1.3.9/test/serf_spider.c:428:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_ctx->full_path, new_ctx->path, new_ctx->path_len);
data/serf-1.3.9/test/serf_spider.c:429:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_ctx->full_path + new_ctx->path_len, new_ctx->query,
data/serf-1.3.9/test/serf_spider.c:671:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(authn, "Basic ");
data/serf-1.3.9/test/serf_spider.c:783:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/serf-1.3.9/test/server/test_server.c:146:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/serf-1.3.9/test/server/test_server.c:168:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/serf-1.3.9/test/server/test_server.c:188:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/serf-1.3.9/test/server/test_server.c:242:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/serf-1.3.9/test/server/test_server.c:383:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/serf-1.3.9/test/server/test_sslserver.c:272:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(certfile, "r");
data/serf-1.3.9/test/server/test_sslserver.c:338:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/serf-1.3.9/test/test_buckets.c:58:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + read, data, data_len);
data/serf-1.3.9/test/test_buckets.c:765:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/serf-1.3.9/test/test_buckets.c:797:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/serf-1.3.9/test/test_buckets.c:826:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/serf-1.3.9/test/test_buckets.c:1199:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/serf-1.3.9/test/test_buckets.c:1355:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char gzip_header[10] =
data/serf-1.3.9/test/test_buckets.c:1472:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char gzip_header[10] =
data/serf-1.3.9/test/test_buckets.c:1501:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char gzip_trailer[8];
data/serf-1.3.9/test/test_buckets.c:1513:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uncompressed[BUFSIZE];
data/serf-1.3.9/test/test_context.c:895:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + j, "0123456789", 10);
data/serf-1.3.9/test/test_context.c:965:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + j, "0123456789", 10);
data/serf-1.3.9/auth/auth.c:251:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auth_name = apr_pstrmemdup(ab->pool, header, strlen(header));
data/serf-1.3.9/auth/auth.c:441:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  scheme_len = strlen(scheme);
data/serf-1.3.9/auth/auth_basic.c:79:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  realm_len = strlen(realm_name);
data/serf-1.3.9/auth/auth_basic.c:108:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp_len = strlen(tmp);
data/serf-1.3.9/auth/auth_digest.c:121:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  status = apr_md5(ha1, tmp, strlen(tmp));
data/serf-1.3.9/auth/auth_digest.c:147:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  status = apr_md5(ha2, tmp, strlen(tmp));
data/serf-1.3.9/auth/auth_digest.c:213:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  status = apr_md5(response_hdr, response, strlen(response));
data/serf-1.3.9/auth/auth_digest.c:294:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  apr_size_t last = strlen(val) - 1;
data/serf-1.3.9/auth/auth_digest.c:515:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  apr_size_t last = strlen(val) - 1;
data/serf-1.3.9/auth/auth_digest.c:552:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  apr_md5(resp_hdr, tmp, strlen(tmp));
data/serf-1.3.9/auth/auth_spnego.c:554:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(header, b->auth_name, strlen(b->auth_name)) == 0) {
data/serf-1.3.9/auth/auth_spnego_gss.c:174:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufdesc.length = strlen(bufdesc.value);
data/serf-1.3.9/buckets/buckets.c:61:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  apr_status_t status = bucket->type->read(bucket, requested, &data, &len);
data/serf-1.3.9/buckets/buckets.c:157:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  apr_size_t size = strlen(str) + 1;
data/serf-1.3.9/buckets/buckets.c:343:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  status = (*databuf->read)(databuf->read_baton, sizeof(databuf->buf),
data/serf-1.3.9/buckets/bwtp_buckets.c:210:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *c += strlen(key) + strlen(value) + 4;
data/serf-1.3.9/buckets/bwtp_buckets.c:210:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *c += strlen(key) + strlen(value) + 4;
data/serf-1.3.9/buckets/headers_buckets.c:130:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header, strlen(header), 0,
data/serf-1.3.9/buckets/headers_buckets.c:131:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value, strlen(value), 1);
data/serf-1.3.9/buckets/headers_buckets.c:140:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header, strlen(header), 1,
data/serf-1.3.9/buckets/headers_buckets.c:141:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value, strlen(value), 1);
data/serf-1.3.9/buckets/headers_buckets.c:150:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header, strlen(header), 0,
data/serf-1.3.9/buckets/headers_buckets.c:151:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value, strlen(value), 0);
data/serf-1.3.9/buckets/request_buckets.c:105:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iov[0].iov_len = strlen(ctx->method);
data/serf-1.3.9/buckets/request_buckets.c:109:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iov[2].iov_len = strlen(ctx->uri);
data/serf-1.3.9/buckets/response_buckets.c:475:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bkt = serf_bucket_simple_copy_create(ctx->sl.reason, strlen(ctx->sl.reason),
data/serf-1.3.9/buckets/ssl_buckets.c:374:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (int)strlen(in);
data/serf-1.3.9/buckets/ssl_buckets.c:540:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(nm->d.ia5->data) != nm->d.ia5->length)
data/serf-1.3.9/buckets/ssl_buckets.c:579:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) != length)
data/serf-1.3.9/context.c:37:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  apr_off_t read,
data/serf-1.3.9/context.c:42:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ctx->progress_read += read;
data/serf-1.3.9/serf.h:232:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  apr_off_t read,
data/serf-1.3.9/serf.h:764:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  apr_status_t (*read)(serf_bucket_t *bucket, apr_size_t requested,
data/serf-1.3.9/serf.h:915:63: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define serf_bucket_read(b,r,d,l) SERF__RECREAD(b, (b)->type->read(b,r,d,l))
data/serf-1.3.9/serf_bucket_types.h:326:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  serf_bucket_simple_create(s, strlen(s), NULL, NULL, a);
data/serf-1.3.9/serf_bucket_util.h:236:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  serf_databuf_reader_t read;
data/serf-1.3.9/serf_private.h:427:67: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void serf__context_progress_delta(void *progress_baton, apr_off_t read,
data/serf-1.3.9/test/CuTest.c:49:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(old);
data/serf-1.3.9/test/CuTest.c:97:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(text);
data/serf-1.3.9/test/CuTest.c:124:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(text); data/serf-1.3.9/test/mock_buckets.c:76:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ctx->remaining_data = strlen(action->data); data/serf-1.3.9/test/mock_buckets.c:241:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(expected) >= len); data/serf-1.3.9/test/mock_buckets.c:250:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CuAssert(tc, "Read less data than expected.", strlen(expected) == 0); data/serf-1.3.9/test/serf_bwtp.c:518:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srclen = strlen(opt_arg); data/serf-1.3.9/test/serf_get.c:510:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((sep == NULL) || (sep == opt_arg) || (strlen(sep) <= 1)) { data/serf-1.3.9/test/serf_get.c:519:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hdr_val, strlen(hdr_val), 1); data/serf-1.3.9/test/serf_spider.c:389:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_ctx->path_len = strlen(path); data/serf-1.3.9/test/serf_spider.c:396:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
new_ctx->query_len = strlen(query); data/serf-1.3.9/test/serf_spider.c:408:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_ctx->fragment_len = strlen(fragment); data/serf-1.3.9/test/serf_spider.c:488:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vec[1].iov_len = strlen(url.path + 2); data/serf-1.3.9/test/serf_spider.c:495:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vec[1].iov_len = strlen(url.path); data/serf-1.3.9/test/serf_spider.c:499:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vec[1].iov_len = strlen(url.path); data/serf-1.3.9/test/serf_spider.c:668:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srclen = strlen(opt_arg); data/serf-1.3.9/test/server/test_server.c:149:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = servctx->read(servctx, buf, &len); data/serf-1.3.9/test/server/test_server.c:171:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = servctx->read(servctx, buf, &len); data/serf-1.3.9/test/server/test_server.c:192:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
msg_len = strlen(message->text); data/serf-1.3.9/test/server/test_server.c:200:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = servctx->read(servctx, buf, &len); data/serf-1.3.9/test/server/test_server.c:251:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = servctx->read(servctx, buf, &len); data/serf-1.3.9/test/server/test_server.c:292:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg_len = strlen(action->text); data/serf-1.3.9/test/server/test_server.h:109:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). receive_func_t read; data/serf-1.3.9/test/server/test_sslserver.c:48:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf, "serftest", size); data/serf-1.3.9/test/server/test_sslserver.c:50:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(buf); data/serf-1.3.9/test/test_buckets.c:42:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). apr_size_t read; data/serf-1.3.9/test/test_buckets.c:52:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (data_len > buf_len - read) data/serf-1.3.9/test/test_buckets.c:55:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
data_len = buf_len - read; data/serf-1.3.9/test/test_buckets.c:58:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memcpy(buf + read, data, data_len); data/serf-1.3.9/test/test_buckets.c:63:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). *read_len = read; data/serf-1.3.9/test/test_buckets.c:82:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(expected) >= len); data/serf-1.3.9/test/test_buckets.c:89:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CuAssert(tc, "Read less data than expected.", strlen(expected) == 0); data/serf-1.3.9/test/test_buckets.c:115:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(expected) >= len); data/serf-1.3.9/test/test_buckets.c:157:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CuAssert(tc, "Read less data than expected.", strlen(expected) == 0); data/serf-1.3.9/test/test_buckets.c:383:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CuAssertIntEquals(tc, strlen("line1" CRLF "line2"), len); data/serf-1.3.9/test/test_buckets.c:398:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
CuAssertIntEquals(tc, strlen("e1" CRLF "line2"), tgt_vecs[0].iov_len); data/serf-1.3.9/test/test_buckets.c:411:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vecs[i].iov_len = strlen(vecs[i].iov_base); data/serf-1.3.9/test/test_buckets.c:448:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vecs[i].iov_len = strlen(vecs[i].iov_base); data/serf-1.3.9/test/test_buckets.c:576:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CuAssertTrue(tc, len > 0 && len < strlen(BODY)); data/serf-1.3.9/test/test_buckets.c:578:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CuAssertIntEquals(tc, strlen(BODY), len); data/serf-1.3.9/test/test_buckets.c:590:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bkt = SERF_BUCKET_SIMPLE_STRING_LEN(BODY+15, strlen(BODY)-15, alloc); data/serf-1.3.9/test/test_buckets.c:598:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bkt = SERF_BUCKET_SIMPLE_STRING_LEN(BODY+15, strlen(BODY)-15, alloc); data/serf-1.3.9/test/test_buckets.c:610:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bkt = SERF_BUCKET_SIMPLE_STRING_LEN(BODY+15, strlen(BODY)-15, alloc); data/serf-1.3.9/test/test_buckets.c:617:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len > 0 && len <= strlen(BODY) ); data/serf-1.3.9/test/test_buckets.c:638:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bkt = SERF_BUCKET_SIMPLE_STRING_LEN(BODY+22, strlen(BODY)-22, alloc); data/serf-1.3.9/test/test_buckets.c:651:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bkt = SERF_BUCKET_SIMPLE_STRING_LEN(BODY+22, strlen(BODY)-22, alloc); data/serf-1.3.9/test/test_buckets.c:691:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(BODY) >= len); data/serf-1.3.9/test/test_buckets.c:734:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(BODY) >= len); data/serf-1.3.9/test/test_buckets.c:933:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bkt = SERF_BUCKET_SIMPLE_STRING_LEN(BODY+40, strlen(BODY)-40, alloc); data/serf-1.3.9/test/test_buckets.c:941:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
CuAssertIntEquals(tc, strlen(BODY), actual_len); data/serf-1.3.9/test/test_buckets.c:979:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(expected) >= len); data/serf-1.3.9/test/test_buckets.c:989:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CuAssert(tc, "Read less data than expected.", strlen(expected) == 0); data/serf-1.3.9/test/test_buckets.c:1071:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const long nr_of_tests = strlen(fullmsg); data/serf-1.3.9/test/test_buckets.c:1093:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cut = i % strlen(fullmsg); data/serf-1.3.9/test/test_buckets.c:1115:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CuAssert(tc, errmsg, strlen(ptr) >= len); data/serf-1.3.9/test/test_buckets.c:1128:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CuAssert(tc, "Read less data than expected.", strlen(ptr) == 0); data/serf-1.3.9/test/test_buckets.c:1180:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(expected) >= len); data/serf-1.3.9/test/test_buckets.c:1190:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CuAssert(tc, "Read less data than expected.", strlen(expected) == 0); data/serf-1.3.9/test/test_buckets.c:1305:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const apr_size_t pattern_len = strlen(pattern); data/serf-1.3.9/test/test_buckets.c:1393:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(msg), 1, pool)); data/serf-1.3.9/test/test_buckets.c:1397:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(msg), 0, pool)); data/serf-1.3.9/test/test_buckets.c:1409:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). read_bucket_and_check_pattern(tc, defbkt, msg, nr_of_loops * strlen(msg)); data/serf-1.3.9/test/test_buckets.c:1432:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). apr_size_t read; data/serf-1.3.9/test/test_buckets.c:1445:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). *read_len = read; data/serf-1.3.9/test/test_context.c:569:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). apr_off_t read; data/serf-1.3.9/test/test_context.c:574:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
progress_cb(void *progress_baton, apr_off_t read, apr_off_t written) data/serf-1.3.9/test/test_context.c:579:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). pb->read = read; data/serf-1.3.9/test/test_context.c:643:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). CuAssertTrue(tc, pb->read > 0); data/serf-1.3.9/test/test_context.c:731:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). body_bkt = serf_bucket_simple_create(REQUEST_PART1, strlen(REQUEST_PART2), data/serf-1.3.9/test/test_context.c:758:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). body_bkt = serf_bucket_simple_create(REQUEST_PART1, strlen(REQUEST_PART1), data/serf-1.3.9/test/test_context.c:881:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vecs[0].iov_len = strlen(response); data/serf-1.3.9/test/test_context.c:901:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vecs[i].iov_len = strlen(chunk); data/serf-1.3.9/test/test_context.c:951:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vecs[0].iov_len = strlen(request); data/serf-1.3.9/test/test_context.c:971:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
vecs[i].iov_len = strlen(chunk); data/serf-1.3.9/test/test_ssl.c:207:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(begincert, data, strlen(begincert)) == 0) data/serf-1.3.9/test/test_ssl.c:210:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(endcert, data, strlen(endcert)) == 0) data/serf-1.3.9/test/test_util.c:505:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *req_bkt = serf_bucket_simple_create(ctx->request, strlen(ctx->request), data/serf-1.3.9/test/test_util.c:516:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str, strlen(str), NULL, NULL, ANALYSIS SUMMARY: Hits = 199 Lines analyzed = 25842 in approximately 0.61 seconds (42242 lines/second) Physical Source Lines of Code (SLOC) = 17232 Hits@level = [0] 78 [1] 115 [2] 76 [3] 0 [4] 8 [5] 0 Hits@level+ = [0+] 277 [1+] 199 [2+] 84 [3+] 8 [4+] 8 [5+] 0 Hits/KSLOC@level+ = [0+] 16.0747 [1+] 11.5483 [2+] 4.87465 [3+] 0.464253 [4+] 0.464253 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.