Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zrleoutstream.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/caps.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/caps.h
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/colour.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/cursor.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zrletypes.h
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zrleoutstream.h
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/hextile.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rre.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/selection.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/shm.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tight.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.h
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zrleencodetemplate.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zrlepalettehelper.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zrlepalettehelper.h
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zywrletemplate.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/turbovnc/tight.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/turbovnc/turbojpeg.h
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/corre.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zlib.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zrle.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/include/rfbproto.h
Examining data/ssvnc-1.0.29/vnc_unixsrc/include/vncauth.h
Examining data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/d3des.c
Examining data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/d3des.h
Examining data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c
Examining data/ssvnc-1.0.29/vncstorepw/vncstorepw.c
Examining data/ssvnc-1.0.29/vncstorepw/d3des.c
Examining data/ssvnc-1.0.29/vncstorepw/d3des.h
Examining data/ssvnc-1.0.29/vncstorepw/vncauth.c
Examining data/ssvnc-1.0.29/vncstorepw/unwrap.c
Examining data/ssvnc-1.0.29/vncstorepw/lim_accept.c
Examining data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c
FINAL RESULTS:
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:91:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(fname, S_IRUSR|S_IWUSR);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1756:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vncServerHost, vncServerName);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1760:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vncServerHost, vncServerName);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1764:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vncServerHost, vncServerName);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1767:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vncServerHost, vncServerName);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:938:16: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define rfbLog printf
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1684:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:move:-%d+0", id, m_big);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1686:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:move:+%d+0", id, m_big);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1688:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:move:+0-%d", id, m_big);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1690:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:move:+0+%d", id, m_big);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1692:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:move:-%d+0", id, m_fine);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1694:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:move:+%d+0", id, m_fine);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1696:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:move:+0-%d", id, m_fine);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1698:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:move:+0+%d", id, m_fine);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1700:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:resize:+0+%d", id, resize);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1702:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:resize:+0-%d", id, resize);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1704:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:resize:+%d+0", id, resize);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1706:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:resize:-%d+0", id, resize);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1708:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:lower", id);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1710:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:raise", id);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1712:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:wm_delete", id);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1728:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s:geom:0x0+%d+%d", id, xi, yi);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1734:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(send, str);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:101:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "<Message>WM_PROTOCOLS: %s", func);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:132:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s %s", label, appData.scale);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:183:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s %s", label, curr);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:96:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "\n(LISTEN) Reverse VNC connection from IP: %s %s\n Hostname: %s\n\n", sip, time_str(), sih);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:77:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(title, titleFormat, desktopName);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:288:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(params[0], params);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:498:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, fmt, jar, port);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:514:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(cmd);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:706:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, str);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:707:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, in);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:308:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newcmd, "%s/unwrap.so", base);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:311:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newcmd, "DYLD_FORCE_FLAT_NAMESPACE=1; export DYLD_FORCE_FLAT_NAMESPACE; DYLD_INSERT_LIBRARIES='%s/unwrap.so'; export DYLD_INSERT_LIBRARIES; %s", base, cmd);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:313:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newcmd, "LD_PRELOAD='%s/unwrap.so'; export LD_PRELOAD; %s", base, cmd);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:366:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(args[0], args);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:375:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf,"Unable to connect to exec'd command: %s\n", cmd);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:394:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf,"Unable to connect to VNC server (unix-domain socket: %s)\n", hostname);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:422:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf,"Unable to connect to VNC server (%s:%d)\n", hostname, port);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:440:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf, "Reason: %s\n", reason);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:562:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pv, "%s", str + strlen("server="));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:583:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
} else if (sscanf(pv, rfbProtocolVersionFormat, &server_major, &server_minor) != 2) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:625:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(pv, rfbProtocolVersionFormat, &server_major, &server_minor) == 2) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:629:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf, "Not a valid VNC server: '%s'\n", pv);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:645:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(pv, rfbProtocolVersionFormat, &server_major, &server_minor) != 2) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:646:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf,"Not a valid VNC server: '%s'\n", pv);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:721:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(pv, rfbProtocolVersionFormat, viewer_major, viewer_minor);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:786:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "\n(LISTEN) Reverse VNC connection from IP: %s %s\n Hostname: %s\n\n", sip, time_str(), sih);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:788:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msg, msg_buf);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:869:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "WARNING: Anonymous Diffie-Hellman TLS used (%s),\n", pr_sec_subtype(subsectype));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:870:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, line);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1326:12: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
passwd = getpass("UltraVNC MS Logon Password: ");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1352:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, appData.msLogon);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1357:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, domain);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1362:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, passwd);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1556:9: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
gpw = getpass("UltraVNC MS-Logon Password: ");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1662:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf, "Cannot read valid password from file \"%s\"\n", appData.passwordFile);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1684:12: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
passwd = getpass("VNC Password: ");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1873:12: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
passwd = getpass("VNC Password: ");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:337:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, strs[i]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:262:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(cmd) != 0) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:141:8: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
p = getpass("Unix Password: ");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:156:8: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
p = getpass("unixuser@unixpasswd: ");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1021:6: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
p = popen(cmd, "w");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1079:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(md5str, tmp);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:2002:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd, argv[i]);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:2015:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(cmd);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:256:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:261:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bytes[i] = (unsigned char)(random() & 255);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1599:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_ALPHABLEND")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1602:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_POPUP_FIX")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1603:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("NOPOPUPFIX")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1605:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (!strcmp(getenv("VNCVIEWER_POPUP_FIX"), "0")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1611:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_GRAB_SERVER")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1614:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_YCROP")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1615:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int n = atoi(getenv("VNCVIEWER_YCROP"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1620:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_RFBVERSION") && strcmp(getenv("VNCVIEWER_RFBVERSION"), "")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1620:47: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_RFBVERSION") && strcmp(getenv("VNCVIEWER_RFBVERSION"), "")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1621:31: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
appData.rfbVersion = strdup(getenv("VNCVIEWER_RFBVERSION"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1623:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_ENCODINGS") && strcmp(getenv("VNCVIEWER_ENCODINGS"), "")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1623:46: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_ENCODINGS") && strcmp(getenv("VNCVIEWER_ENCODINGS"), "")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1624:36: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
appData.encodingsString = strdup(getenv("VNCVIEWER_ENCODINGS"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1626:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_NOBELL")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1629:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_X11CURSOR")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1632:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_RAWLOCAL")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1635:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_NOTTY") || getenv("SSVNC_VNCVIEWER_NOTTY")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1635:35: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_NOTTY") || getenv("SSVNC_VNCVIEWER_NOTTY")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1638:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_SBWIDTH")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1639:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int n = atoi(getenv("VNCVIEWER_SBWIDTH"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1644:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_ULTRADSM")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1647:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_ULTRA_DSM") && strcmp(getenv("SSVNC_ULTRA_DSM"), "")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1647:42: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_ULTRA_DSM") && strcmp(getenv("SSVNC_ULTRA_DSM"), "")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1650:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_NO_ULTRA_DSM")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1653:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_SCALE") && strcmp(getenv("SSVNC_SCALE"), "")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1653:38: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_SCALE") && strcmp(getenv("SSVNC_SCALE"), "")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1655:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
appData.scale = strdup(getenv("SSVNC_SCALE"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1658:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_ESCAPE") && strcmp(getenv("VNCVIEWER_ESCAPE"), "")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1658:43: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_ESCAPE") && strcmp(getenv("VNCVIEWER_ESCAPE"), "")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1660:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
appData.escapeKeys = strdup(getenv("VNCVIEWER_ESCAPE"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1672:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_SEND_CLIPBOARD")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1675:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_SEND_ALWAYS")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1678:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_RECV_TEXT")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1679:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *s = getenv("VNCVIEWER_RECV_TEXT");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1688:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_PIPELINE_UPDATES")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1690:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (getenv("VNCVIEWER_NO_PIPELINE_UPDATES")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1694:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_NO_IPV4")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1697:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_NO_IPV6")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1705:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_ULTRA_FTP_JAR") == NULL) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:930:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_NOSOLID")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1445:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_SCALE_STATS")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1507:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_RELEASE")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1675:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("X11VNC_APPSHARE_DEBUG")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1676:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
db = atoi(getenv("X11VNC_APPSHARE_DEBUG"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1749:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_ESCAPE_KEYS")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1884:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_ESCAPE_KEYS")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2102:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_ESCAPE_KEYS")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2177:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("NO_X11VNC_APPSHARE")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2550:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_NO_MAYBE_SYNC")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:3047:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("VNCVIEWER_ALWAYS_RECENTER")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:219:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_XTGRAB")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:221:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (getenv("SSVNC_NOXTGRAB")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:263:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_XTGRAB")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:265:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (getenv("SSVNC_NOXTGRAB")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:345:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_FORCE_UP")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/hextile.c:64:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HEXTILE_YCROP_TOO")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:62:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("SSVNC_ACCEPT_POPUP")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:226:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_MAX_LISTEN")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:227:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
maxconn = atoi(getenv("SSVNC_MAX_LISTEN"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:304:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *sml = getenv("SSVNC_MULTIPLE_LISTEN");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:364:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_NO_KILL_EXEC_CMD")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:391:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (listenParent != 0 && getenv("SSVNC_LISTEN_ONCE") && listenParent != getpid()) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:402:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_EXIT_DEBUG")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:468:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_ULTRA_FTP_JAR")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:469:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
jar = getenv("SSVNC_ULTRA_FTP_JAR");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:595:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_CHAT")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:634:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_CHAT")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:285:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!use_tty() && !getenv("SSVNC_NO_MESSAGE_POPUP")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:305:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_BASEDIR")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:306:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *base = getenv("SSVNC_BASEDIR");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:326:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (q && !getenv("SSVNC_SHOW_ULTRAVNC_DSM_PASSWORD")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:502:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *envsetsec = getenv("SSVNC_SET_SECURITY_TYPE");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:521:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_PREDIGESTED_HANDSHAKE")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:523:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
hsfile = getenv("SSVNC_PREDIGESTED_HANDSHAKE");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:553:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_SKIP_RFB_PROTOCOL_VERSION")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:572:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("PRINT_DELAY1")) fprintf(stderr, "delay1: %.3f ms\n", (dnow() - dt) * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:597:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
se = getenv("STUNNEL_EXTRA_OPTS");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:599:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
se = getenv("STUNNEL_EXTRA_OPTS_USER");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:660:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (getenv("SSVNC_RFB_VERSION") != NULL && sscanf(getenv("SSVNC_RFB_VERSION"), "%d.%d", &viewer_major, &viewer_minor) == 2) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:660:59: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (getenv("SSVNC_RFB_VERSION") != NULL && sscanf(getenv("SSVNC_RFB_VERSION"), "%d.%d", &viewer_major, &viewer_minor) == 2) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:690:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_ACCEPT_POPUP_SC")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:734:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
secType = atoi(getenv("SSVNC_SET_SECURITY_TYPE"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:880:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (getenv("SSVNC_UNIXPW")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:881:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
unixpw(getenv("SSVNC_UNIXPW"), 1);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1118:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_NO_SEC_TYPE_TIGHT")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1120:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (getenv("SSVNC_NO_SEC_TYPE_TIGHT")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1446:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_MSLOGON")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1447:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
db = atoi(getenv("SSVNC_DEBUG_MSLOGON"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1577:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("TRY_INVERT")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1678:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (getenv("VNCVIEWER_PASSWORD")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1679:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
passwd = strdup(getenv("VNCVIEWER_PASSWORD"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1687:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_PASSWORD")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2095:5: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("DEBUG_SETFORMAT")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2331:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_RECTS")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2332:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
db = atoi(getenv("SSVNC_DEBUG_RECTS"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2342:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("USER") && !strcmp(getenv("USER"), "runge")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2342:33: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("USER") && !strcmp(getenv("USER"), "runge")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2348:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("NOFTFBUPDATES")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2558:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_CHAT")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2707:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("DEBUG_HandleFileXfer")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2882:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("DEBUG_RFB_SMSG")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2962:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_RECTS")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2963:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
rdb = atoi(getenv("SSVNC_DEBUG_RECTS"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2969:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DELAY_SYNC")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2970:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
delay_sync = atoi(getenv("SSVNC_DELAY_SYNC"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:3380:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ZRLE32")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:3381:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (strstr(getenv("ZRLE32"), "24Up")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:3383:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (strstr(getenv("ZRLE32"), "24Down")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/selection.c:88:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_DEBUG_SELECTION")) dbg_sel = 1;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/selection.c:180:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (!getenv("VNCVIEWER_NO_CUTBUFFER")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/selection.c:209:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (!getenv("VNCVIEWER_NO_CUTBUFFER")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:364:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("USER") && !strcmp(getenv("USER"), "runge")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:364:33: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("USER") && !strcmp(getenv("USER"), "runge")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:370:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("NOFTFBUPDATES")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:923:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_LISTEN_LOCALHOST") || use_loopback) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:990:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_LISTEN_LOCALHOST") || use_loopback) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:184:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
pattern = getenv((tunnelOption) ? "VNC_TUNNEL_CMD" : "VNC_VIA_CMD");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:223:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (! getenv("SSVNC_UNIXPW_NOESC")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:296:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_NO_IPV4")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:299:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_NO_IPV6")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:386:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (saw_appshare || getenv("VNCVIEWER_MIN_TITLE")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:390:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VNCVIEWER_SBWIDTH")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:391:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int sbw = atoi(getenv("VNCVIEWER_SBWIDTH"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:451:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_REPEATER") != NULL) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:452:35: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
appData.repeaterUltra = strdup(getenv("SSVNC_REPEATER"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:498:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (getenv("SSVNC_UNIXPW")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:499:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
unixpw(getenv("SSVNC_UNIXPW"), 0);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:936:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SSVNC_PRESERVE_ENCODING")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1218:37: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((force || appData.termChat) && getenv("WINDOWID")) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1220:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (sscanf(getenv("WINDOWID"), "%lu", &w) == 1) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1222:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (sscanf(getenv("WINDOWID"), "0x%lx", &w) == 1) {
data/ssvnc-1.0.29/vncstorepw/lim_accept.c:29:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIM_ACCEPT_DEBUG")) db = 1;
data/ssvnc-1.0.29/vncstorepw/lim_accept.c:44:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIM_ACCEPT_DEBUG")) db = 1;
data/ssvnc-1.0.29/vncstorepw/lim_accept.c:46:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIM_ACCEPT")) {
data/ssvnc-1.0.29/vncstorepw/lim_accept.c:47:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
maxa = atoi(getenv("LIM_ACCEPT"));
data/ssvnc-1.0.29/vncstorepw/lim_accept.c:51:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIM_ACCEPT_TIME")) {
data/ssvnc-1.0.29/vncstorepw/lim_accept.c:52:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
maxt = atoi(getenv("LIM_ACCEPT_TIME"));
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:691:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ENCRYPT_VERBOSE")) {
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1016:33: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char str[2], *q = file, *cmd = getenv("WISH") ? getenv("WISH") : "wish";
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1016:50: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char str[2], *q = file, *cmd = getenv("WISH") ? getenv("WISH") : "wish";
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1372:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("RANDSTR")) {
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1373:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *s = getenv("RANDSTR");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1541:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ULTRAVNC_DSM_HELPER_SHOWCERT_ADH")) {
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1702:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("ULTRAVNC_DSM_HELPER_NOIPV6")) {
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1822:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ULTRAVNC_DSM_HELPER_BG")) {
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1878:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (conn2 < 0 && !getenv("ULTRAVNC_DSM_HELPER_NOIPV6")) {
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1992:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int ms = atoi(getenv("ULTRAVNC_DSM_HELPER_LOOP"));
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:2024:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ULTRAVNC_DSM_HELPER_LOOP")) {
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:2025:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("ULTRAVNC_DSM_HELPER_LOOP_SET")) {
data/ssvnc-1.0.29/vncstorepw/unwrap.c:30:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("UNWRAP_DEBUG")) db = 1;
data/ssvnc-1.0.29/vncstorepw/unwrap.c:41:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("UNWRAP_DEBUG")) db = 1;
data/ssvnc-1.0.29/vnc_unixsrc/include/rfbproto.h:187:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char rfbProtocolVersionMsg[13]; /* allow extra byte for null */
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/d3des.c:41:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char Df_Key[24] = {
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/d3des.c:60:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pc1[56] = {
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/d3des.c:66:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char totrot[16] = {
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/d3des.c:69:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pc2[48] = {
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/d3des.c:80:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pc1m[56], pcr[56];
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:48:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char s_fixedkey[8] = {23,82,107,6,35,78,88,7};
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:81:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char encryptedPasswd[16] = {
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:87:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fname, "w");
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd[16];
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:161:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname,"r")) == NULL)
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:185:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(passwdFullControl, passwd, 8);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:192:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(passwdViewOnly, &passwd[8], 8);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:207:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:210:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/random", O_RDONLY);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:213:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/proc/loadavg", O_RDONLY);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:216:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/bin/bash", O_RDONLY);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:222:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:273:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[8];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:725:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vncServerHost[1024];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1615:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(getenv("VNCVIEWER_YCROP"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1639:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(getenv("VNCVIEWER_SBWIDTH"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1773:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vncServerHost, vncServerName, colonPos - vncServerName);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1787:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vncServerPort = atoi(colonPos + 1) + portOffset;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1789:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
disp = atoi(colonPos + 1);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/caps.c:76:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(capinfo.vendorSignature, vendor, sz_rfbCapabilityInfoVendor);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/caps.c:77:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(capinfo.nameSignature, name, sz_rfbCapabilityInfoName);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/caps.h:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *descriptions[TIGHTVNC_MAX_CAPS];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/caps.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enable_flags[TIGHTVNC_MAX_CAPS];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/cursor.c:63:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char _reverse_byte[0x100] = {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/cursor.c:576:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, Bpp * w);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/cursor.c:615:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, Bpp * w);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:246:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, Bpl);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:306:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, Bpl);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1482:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, width * Bpp);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1670:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char send[200], str[100];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1676:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
db = atoi(getenv("X11VNC_APPSHARE_DEBUG"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1733:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(send, "X11VNC_APPSHARE_CMD:");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1810:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1852:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%.16f", new);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1986:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keys[32];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2030:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keys[32];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2095:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[256];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2411:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x = atoi(params[1]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2412:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
y = atoi(params[2]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2413:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buttonMask = atoi(params[3]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2432:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buttonMask = atoi(params[1]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2643:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scr, buf, widthInBytes);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2732:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scr, buf, widthInBytes);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[410];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:180:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[3010];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:49:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _tbuf[256];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[16];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1000];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:97:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg, "Accept or Reject VNC connection?");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flashUser[256];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:163:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
listenPort = LISTEN_PORT_OFFSET + atoi(argv[listenArgIndex+1]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:164:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flashPort = FLASH_PORT_OFFSET + atoi(argv[listenArgIndex+1]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:184:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
listenPort = LISTEN_PORT_OFFSET + atoi(colonPos+1);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:185:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flashPort = FLASH_PORT_OFFSET + atoi(colonPos+1);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:227:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxconn = atoi(getenv("SSVNC_MAX_LISTEN"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:317:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int maxc = atoi(q+1);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontName[256];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:441:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fontName,"-*-courier-bold-r-*-*-%d-*-*-*-*-*-iso8859-1",
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:447:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fontName,"fixed");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:149:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(geometry, "%dx%d+%d+%d", toplevelWidth, toplevelHeight, toplevelX, toplevelY);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:251:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msec = atoi(params[0]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:412:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[4096];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buttonName[12];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:118:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buttonName, "button%d", i);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buttonName[32];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:186:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buttonName, "button%d", i);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[16];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:208:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "%3d", appData.qualityLevel);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buttonName[32];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:296:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buttonName, "button%d", i);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:299:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buttonName, "buttonNone");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buttonName[32];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:370:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buttonName, "buttonD");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:372:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buttonName, "button%d", i);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buttonName[32];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:428:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buttonName, "buttonD");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:430:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buttonName, "button%d", i);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:657:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *send, save[2];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:750:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errorbuf[1] = {0};
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:183:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[BUFFER_SIZE];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:205:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zlib_buffer[ZLIB_BUFFER_SIZE];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:216:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tightPalette[256*4];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:281:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msgbuf[10000];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:351:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[4];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:380:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rfbsock = atoi(hostname + strlen("fd="));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hsparam[128];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:503:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:527:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pd = fopen(hsfile, "r")) != NULL) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:541:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pd = fopen(hsfile, "r")) != NULL) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:615:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgbuf, "***************************************************************\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:616:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgbuf, "To work around UltraVNC SC III SSL dropping after a few minutes\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:617:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgbuf, "you may need to set STUNNEL_EXTRA_OPTS_USER='options = ALL'.\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:618:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgbuf, "***************************************************************\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:636:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:734:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
secType = atoi(getenv("SSVNC_SET_SECURITY_TYPE"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:757:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[3000];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:787:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg, "UltraVNC Server Message:\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:790:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg, "\n\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:791:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg, "Accept or Reject VNC connection?");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:866:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1000], line[100];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:871:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: there will be *NO* Authentication of the VNC Server.\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:872:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: I.e. a Man-In-The-Middle attack is possible.\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:873:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: Configure the server to use X509 certs and verify them.\n\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:906:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "VNC authentication failed (%d) for rfbSecTypeNone (RFB 3.8)\n\n", (int) authResult);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:939:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "Internal error: Invalid security type: %d\n", secType);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1061:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "Unknown security type from RFB server: %d\n", (int)secType);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1258:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "VNC authentication failed (%d) for PerformAuthenticationTight rfbSecTypeNone (RFB 3.8)\n\n", (int) authResult);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1301:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "No suitable authentication schemes offered by server\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1307:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char encPasswd[8];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1308:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char encPasswd_MSLOGON[32];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1309:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clearPasswd_MSLOGIN[256];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1319:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1341:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1439:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gen[8], mod[8], pub[8], rsp[8];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[256], passwd[64], *gpw;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1441:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[8];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1447:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
db = atoi(getenv("SSVNC_DEBUG_MSLOGON"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1518:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10000];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1521:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: The UltraVNC Diffie-Hellman Key is weak (key < 2e+9, i.e. 31 bits)\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1522:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: and so an eavesdropper could recover your MS-Logon username and\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1523:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: password via brute force in a few seconds of CPU time. \n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1524:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: If this connection is NOT being tunnelled through a separate SSL or\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1525:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: SSH encrypted tunnel, consider things carefully before proceeding...\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1526:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: Do not enter an important username+password when prompted below if\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1527:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: there is a risk of an eavesdropper sniffing this connection.\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1528:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "WARNING: UltraVNC MSLogon encryption is VERY weak. You've been warned!\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1535:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256], *q, *s;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1613:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "UVNC MS-Logon authentication failed.\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1619:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "UVNC MS-Logon authentication failed - too many tries.\n\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1623:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "Unknown UVNC MS-Logon authentication result: %d\n\n",
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1694:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s_fixedkey[8] = {23,82,107,6,35,78,88,7};
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1699:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "Reading password failed\n\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1736:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "VNC authentication failed.\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1742:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "VNC authentication failed - too many tries\n\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1746:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "Unknown VNC authentication result: %d\n\n", (int)authResult);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1774:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "Unknown UltraVNC authentication response: 0x%x\n\n", authCont);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1832:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "VNC authentication failed (%d) for rfbSecTypeNone (RFB 3.8)\n\n", (int) authResult);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1909:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "Authentication failed\n\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1913:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "Authentication failed - too many tries\n\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1917:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "Unknown authentication result: %d\n\n",
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2031:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sz_rfbSetEncodingsMsg + MAX_ENCODINGS * 4];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2332:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
db = atoi(getenv("SSVNC_DEBUG_RECTS"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2656:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fxfer[65536];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2659:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[12];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2849:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rpl[12];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2963:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rdb = atoi(getenv("SSVNC_DEBUG_RECTS"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2970:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delay_sync = atoi(getenv("SSVNC_DELAY_SYNC"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2987:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ev.xclient.data.b, "SendRFBUpdate");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:3610:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5] = "\xff\xff\xff\xff";
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:3778:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf,"VNC connection failed: %.*s\n", len, reason);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:3785:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "VNC connection failed\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/selection.c:353:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)*value, serverCutText, *length);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUF_SIZE];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:113:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fxfer[65536];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:188:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[12];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strs[100][512];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[rfbTextMaxSize];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:458:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, bufoutptr, n);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:467:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, bufoutptr, buffered);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:499:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, bufoutptr, n);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:628:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[200];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:642:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[200];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:742:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service[32], *host2, *q;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:747:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(service, "%d", port);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:1194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, str[17];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tight.c:288:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &buffer[numRows * rowSize], extraBytes);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tight.c:356:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, buffer, numRows * rectWidth * (BPP / 8));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tight.c:408:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tightPrevRow, thisRow, rectWidth * 3);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tight.c:464:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thatRow, thisRow, rectWidth * 3 * sizeof(CARD16));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lastArgv[32];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localPortStr[8];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remotePortStr[8];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:85:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(localPortStr, "%d", localPort);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:86:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(remotePortStr, "%d", remotePort);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:115:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*remotePort = atoi(pdisplay);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:119:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lastArgv, "localhost::%d", localPort);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:157:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*remotePort = atoi(colonPos) + portOffset;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:159:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
disp = atoi(colonPos);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:166:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lastArgv, "localhost::%d", localPort);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/turbovnc/tight.c:350:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&dst[y*dstw], &uncompressedData[y*rectWidth], rectWidth * (BPP / 8));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/turbovnc/tight.c:410:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tightPrevRow, thisRow, rectWidth * 3);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/turbovnc/tight.c:474:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thatRow, thisRow, rectWidth * 3 * sizeof(CARD16));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *q, *p, t[5];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:49:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t, "%4d", sbw);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[100], passwd[100];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:170:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(infile, "r");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:391:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int sbw = atoi(getenv("VNCVIEWER_SBWIDTH"));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:400:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sbw = atoi(argv[i+1]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:461:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100], *s, *q;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1264:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(s);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100], *s, *q;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1299:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(s);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100], *s, *q;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1334:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(s);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1414:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100], *q, *s;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1428:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(s);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100], *q, *s;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1463:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(s);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1473:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(params[0]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1562:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(params[0]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1597:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(params[0]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1607:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(params[0]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1678:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(params[0]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1692:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(params[0]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1706:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(params[0]);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.h:78:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *subsampLevel2str[TVNC_SAMPOPT] = {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zrle.c:543:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, scr, widthInBytes);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zrleoutstream.c:227:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(os->in.ptr, data, n);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/zywrletemplate.c:163:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char zywrleConv[4][256]={
data/ssvnc-1.0.29/vncstorepw/d3des.c:59:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pc1[56] = {
data/ssvnc-1.0.29/vncstorepw/d3des.c:65:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char totrot[16] = {
data/ssvnc-1.0.29/vncstorepw/d3des.c:68:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pc2[48] = {
data/ssvnc-1.0.29/vncstorepw/d3des.c:78:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pc1m[56], pcr[56];
data/ssvnc-1.0.29/vncstorepw/lim_accept.c:47:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxa = atoi(getenv("LIM_ACCEPT"));
data/ssvnc-1.0.29/vncstorepw/lim_accept.c:52:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxt = atoi(getenv("LIM_ACCEPT_TIME"));
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:233:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char keydata[1024];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:310:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:462:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
listen_port = atoi(lport);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:468:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
connect_port = atoi(q+1);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:518:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(keyfile, O_RDONLY);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:557:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keydata, tmp, len);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:575:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BSIZE];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:658:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char E_keystr[EVP_MAX_KEY_LENGTH];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:659:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char D_keystr[EVP_MAX_KEY_LENGTH];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:665:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BSIZE], out[BSIZE];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:667:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[SALT+1];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:668:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ivec_real[EVP_MAX_IV_LENGTH];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:735:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, salt, salt_size);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:736:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+salt_size, ivec, ivec_size);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:778:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(salt, buf, salt_size);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:779:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ivec, buf+salt_size, ivec_size);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:863:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keystr, keydata, sz);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:898:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf1[SECUREVNC_RC4_DROP_BYTES];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:899:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf2[SECUREVNC_RC4_DROP_BYTES];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:947:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf, n);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1016:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2], *q = file, *cmd = getenv("WISH") ? getenv("WISH") : "wish";
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1051:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p = fopen(file, "w");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1067:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[EVP_MAX_MD_SIZE], tmp[16];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1068:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5str[EVP_MAX_MD_SIZE * 8];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1078:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%02x", (int) uc);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1087:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char filebuf[SECUREVNC_RSA_PUBKEY_SIZE];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1104:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, O_RDONLY);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1154:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, O_RDONLY);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1192:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keystr[EVP_MAX_KEY_LENGTH];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1199:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BSIZE], to_viewer[BSIZE];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1229:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsasav, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1416:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[EVP_MAX_MD_SIZE], *signature;
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1490:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1521:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1522:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", getpid() * (17 + i));
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1568:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1580:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1593:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1839:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
n = open("/dev/null", O_RDONLY);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1882:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service[32];
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1888:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(service, "%d", connect_port);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1992:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ms = atoi(getenv("ULTRAVNC_DSM_HELPER_LOOP"));
data/ssvnc-1.0.29/vncstorepw/vncauth.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char fixedkey[8] = {23,82,107,6,35,78,88,7};
data/ssvnc-1.0.29/vncstorepw/vncauth.c:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char encryptedPasswd[8];
data/ssvnc-1.0.29/vncstorepw/vncauth.c:26:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname,"w")) == NULL) return 1;
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:96:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(encryptedPasswd, passwd, 8);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:98:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(encryptedPasswd + 8, passwdViewOnly, 8);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:168:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:223:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, 1) > 0) {
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:279:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < strlen(passwd)) {
data/ssvnc-1.0.29/vnc_unixsrc/libvncauth/vncauth.c:296:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < strlen(passwd)) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1747:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(vncServerName) > 255) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/argsresources.c:1775:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(colonPos + 1);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:1737:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SendClientCutText(send, strlen(send));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2712:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(appData.rawDelay * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2991:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100*1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/desktop.c:2994:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100*1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:78:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(30 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:80:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:90:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:131:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(label) + strlen(appData.scale) < 400) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:131:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(label) + strlen(appData.scale) < 400) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:182:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(label) + strlen(curr) < 3000) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/dialogs.c:182:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(label) + strlen(curr) < 3000) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:283:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:297:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:331:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:335:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:533:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:552:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/fullscreen.c:576:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:182:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(hostinfo.nodename)) == 0))) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:284:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sock, flashUser, 255);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:350:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sip) > 100) sip = "0.0.0.0";
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:352:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sih) > 300) sih = "unknown";
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/listen.c:522:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(FLASHWIDTH * 3 / 4), user, strlen(user));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:76:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
title = XtMalloc(strlen(titleFormat) + strlen(desktopName) + 1);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:76:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
title = XtMalloc(strlen(titleFormat) + strlen(desktopName) + 1);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:193:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:196:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:253:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(msec * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:369:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:377:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/misc.c:404:3: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(stdin);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:470:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = (char *) malloc(strlen(fmt) + strlen(jar) + 100);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:470:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = (char *) malloc(strlen(fmt) + strlen(jar) + 100);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:548:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:562:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:650:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:672:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(leak) > 0) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:674:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XtVaSetValues(entry, XtNinsertPosition, strlen(leak), NULL);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:697:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + strlen(in);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:697:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + strlen(in);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:736:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt.length = strlen(in);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:798:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt.length = strlen(in);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:815:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/popup.c:824:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:307:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *newcmd = (char *)malloc(strlen(base) + strlen(cmd) + 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:307:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *newcmd = (char *)malloc(strlen(base) + strlen(cmd) + 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:327:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q += strlen("pw=");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:380:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rfbsock = atoi(hostname + strlen("fd="));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:385:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
thost = strdup(hostname + strlen("unix="));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:412:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *host = hosttmp + strlen("::ffff:");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:526:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:531:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:562:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(pv, "%s", str + strlen("server="));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:614:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(msgbuf, "\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:619:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(msgbuf, "\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:706:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
latency = 1000. * atof(str + strlen("latency="));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:724:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100*1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:782:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sip) > 100) sip = "0.0.0.0";
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:784:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sih) > 300) sih = "unknown";
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:863:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(300*1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:868:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1000:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = q + strlen(" XY=");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1520:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "\n");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1564:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(user, appData.msLogon, 255);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1567:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(passwd, gpw, 63);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1673:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1698:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!passwd || strlen(passwd) == 0) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1703:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(passwd) > 8) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1714:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(passwd, '\0', strlen(passwd));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1875:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!passwd || strlen(passwd) == 0) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1880:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loginLen = Swap32IfLE((CARD32)strlen(login));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1881:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwdLen = Swap32IfLE((CARD32)strlen(passwd));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1888:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!WriteExact(rfbsock, login, strlen(login)) ||
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1889:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!WriteExact(rfbsock, passwd, strlen(passwd))) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:1895:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(passwd, '\0', strlen(passwd));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2092:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encStrLen = strlen(encStr);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2572:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chat.length = (unsigned int) strlen(str);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:2579:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return WriteExact(rfbsock, str, strlen(str));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/rfbproto.c:3211:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(appData.copyRectDelay * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/selection.c:309:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XStoreBytes(dpy, serverCutText, strlen(serverCutText));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/selection.c:351:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*length = strlen(serverCutText);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:193:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rn = read(n, fxfer, 1*8192);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:244:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rn = read(n, hdr, 12);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:260:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rn = read(len, fxfer, len);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:292:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:336:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + strlen(strs[i]) < rfbTextMaxSize) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:336:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + strlen(strs[i]) < rfbTextMaxSize) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:478:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int i = read(rfbsock, buf + buffered, BUF_SIZE - buffered);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:510:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int i = read(rfbsock, out, n);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:666:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(host);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/sockets.c:774:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:112:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(pdisplay, "-0123456789") != strlen(pdisplay))
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:145:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(colonPos);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:212:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&result[j], remoteHost, 1024 - j);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:213:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(remoteHost) - 1;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:217:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&result[j], gatewayHost, 1024 - j);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:218:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(gatewayHost) - 1;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:222:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&result[j], remotePort, 1024 - j);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:223:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(remotePort) - 1;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:227:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&result[j], localPort, 1024 - j);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/tunnel.c:228:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(localPort) - 1;
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:120:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
infile = str + strlen("rm:");
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:130:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(u) >= 100) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:146:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(passwd, p, N);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:166:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(username, p, N);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:167:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(passwd, q+1, N);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:190:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(username, str, N);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:191:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(passwd, q+1, N);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:207:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ulen = Swap32IfLE((CARD32)strlen(username));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:208:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = Swap32IfLE((CARD32)strlen(passwd));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:215:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!WriteExact(rfbsock, username, strlen(username)) ||
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:216:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!WriteExact(rfbsock, passwd, strlen(passwd))) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:463:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
appData.repeaterUltra = strdup(appData.repeaterUltra + strlen("SCIII="));
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:476:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i >= (int) strlen(appData.repeaterUltra)) {
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1499:10: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (0) usleep((int) latency * 1000);
data/ssvnc-1.0.29/vnc_unixsrc/vncviewer/vncviewer.c:1856:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:318:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q += strlen("noultra:");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:324:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q += strlen("rev:");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:415:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Digest = EVP_md5(); p += strlen("md5+");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:421:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Digest = EVP_sha1(); p += strlen("sha1+");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:423:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Digest = EVP_ripemd160(); p += strlen("ripe+");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:425:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Digest = EVP_ripemd160(); p += strlen("ripemd160+");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:500:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < (int) strlen(keyfile); i++) {
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:502:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = i + strlen("pw=");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:525:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = (int) read(fd, keydata, (size_t) sb.st_size);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:547:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, offset = strlen("xxx bit") + 4 + 12;
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:587:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sock_fr, buf, BSIZE);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:754:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sock_fr, buf, salt_size+ivec_size+96);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:924:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sock_fr, buf, BSIZE);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1110:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = (int) read(fd, filebuf, SECUREVNC_RSA_PUBKEY_SIZE);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1161:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = (int) read(fd, contents, sb.st_size);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1217:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(server, rsabuf + len, SECUREVNC_RSA_PUBKEY_SIZE - len);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1283:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(server, (char *) &b1, 1);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1284:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(server, (char *) &b2, 1);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1285:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(server, (char *) &b3, 1);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1286:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(server, (char *) &b4, 1);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1338:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(server, (char *) buf, BSIZE);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1374:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "securevnc_setup: seeding with RANDSTR len=%d\n", strlen(s));
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1375:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RAND_add(s, strlen(s), strlen(s));
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1375:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RAND_add(s, strlen(s), strlen(s));
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1523:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RAND_add(tmp, strlen(tmp), 5);
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1554:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SSL_set_session_id_context(ssl, sid, strlen((char *)sid));
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:1997:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(argv[i]) + 2;
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:2004:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmd, " ");
data/ssvnc-1.0.29/vncstorepw/ultravnc_dsm_helper.c:2016:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000 * ms);
data/ssvnc-1.0.29/vncstorepw/vncauth.c:33:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < strlen(passwd)) {
ANALYSIS SUMMARY:
Hits = 645
Lines analyzed = 28164 in approximately 0.91 seconds (31041 lines/second)
Physical Source Lines of Code (SLOC) = 20698
Hits@level = [0] 785 [1] 154 [2] 270 [3] 153 [4] 67 [5] 1
Hits@level+ = [0+] 1430 [1+] 645 [2+] 491 [3+] 221 [4+] 68 [5+] 1
Hits/KSLOC@level+ = [0+] 69.0888 [1+] 31.1624 [2+] 23.7221 [3+] 10.6774 [4+] 3.28534 [5+] 0.0483138
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.