Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/stunnel4-5.56+dfsg/src/ui_unix.c
Examining data/stunnel4-5.56+dfsg/src/env.c
Examining data/stunnel4-5.56+dfsg/src/libwrap.c
Examining data/stunnel4-5.56+dfsg/src/ui_win_gui.c
Examining data/stunnel4-5.56+dfsg/src/resolver.c
Examining data/stunnel4-5.56+dfsg/src/version.h
Examining data/stunnel4-5.56+dfsg/src/pty.c
Parsing failed to find end of parameter list; semicolon terminated it in (buf, sizeof buf,
#else
sprintf(buf,
#endif
"/dev/pty%c%c", ptymajors[i/num_minors],
ptyminors[i%num_minors]);
*ptyfd=open(buf, O_RDWR|O_NOCTTY);
if(*
Parsing failed to find end of parameter list; semicolon terminated it in (namebuf, 64,
#else
sprintf(namebuf,
#endif
"/dev/tty%c%c",
ptymajors[i/num_minors], ptyminors[i%num_minors]);
/* open the slave side */
*ttyfd=open(na
Examining data/stunnel4-5.56+dfsg/src/fd.c
Examining data/stunnel4-5.56+dfsg/src/log.c
Examining data/stunnel4-5.56+dfsg/src/ctx.c
Examining data/stunnel4-5.56+dfsg/src/verify.c
Examining data/stunnel4-5.56+dfsg/src/resources.h
Examining data/stunnel4-5.56+dfsg/src/cron.c
Examining data/stunnel4-5.56+dfsg/src/tls.c
Examining data/stunnel4-5.56+dfsg/src/network.c
Examining data/stunnel4-5.56+dfsg/src/str.c
Examining data/stunnel4-5.56+dfsg/src/common.h
Examining data/stunnel4-5.56+dfsg/src/sthreads.c
Examining data/stunnel4-5.56+dfsg/src/prototypes.h
Examining data/stunnel4-5.56+dfsg/src/dhparam.c
Examining data/stunnel4-5.56+dfsg/src/ui_win_cli.c
Examining data/stunnel4-5.56+dfsg/src/stunnel.c
Examining data/stunnel4-5.56+dfsg/src/file.c
Examining data/stunnel4-5.56+dfsg/src/ssl.c
Examining data/stunnel4-5.56+dfsg/src/options.c
Examining data/stunnel4-5.56+dfsg/src/client.c
Examining data/stunnel4-5.56+dfsg/src/protocol.c
Examining data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.cpp
Examining data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/pluginapi.h
Examining data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/api.h
Examining data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/pluginapi.h
Examining data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/api.h
Examining data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h
FINAL RESULTS:
data/stunnel4-5.56+dfsg/src/client.c:1232:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
char *line, *type, *system, *user;
data/stunnel4-5.56+dfsg/src/client.c:1276:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(!system) {
data/stunnel4-5.56+dfsg/src/client.c:1287:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
user=strchr(system, ':');
data/stunnel4-5.56+dfsg/src/common.h:222:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/stunnel4-5.56+dfsg/src/common.h:222:37: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/stunnel4-5.56+dfsg/src/common.h:224:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/stunnel4-5.56+dfsg/src/ctx.c:649:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(identity, c->opt->psk_selected->identity);
data/stunnel4-5.56+dfsg/src/file.c:187:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buff, line);
data/stunnel4-5.56+dfsg/src/log.c:372:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(msg, sizeof msg, /* with newline */
data/stunnel4-5.56+dfsg/src/log.c:392:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(msg, sizeof msg, /* without newline */
data/stunnel4-5.56+dfsg/src/options.c:4423:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opt_val.c_val, opt_val_str);
data/stunnel4-5.56+dfsg/src/prototypes.h:516:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/stunnel4-5.56+dfsg/src/prototypes.h:632:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/stunnel4-5.56+dfsg/src/prototypes.h:851:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/stunnel4-5.56+dfsg/src/pty.c:86:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf, buf); /* possible truncation */
data/stunnel4-5.56+dfsg/src/pty.c:101:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf, slave);
data/stunnel4-5.56+dfsg/src/pty.c:136:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf, pts);
data/stunnel4-5.56+dfsg/src/pty.c:169:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf, name);
data/stunnel4-5.56+dfsg/src/pty.c:188:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof buf,
data/stunnel4-5.56+dfsg/src/pty.c:190:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf,
data/stunnel4-5.56+dfsg/src/pty.c:198:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(namebuf, 64,
data/stunnel4-5.56+dfsg/src/pty.c:200:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(namebuf,
data/stunnel4-5.56+dfsg/src/resolver.c:204:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr_list->addr[addr_list->num].un.sun_path, name);
data/stunnel4-5.56+dfsg/src/str.c:128:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retval, str);
data/stunnel4-5.56+dfsg/src/str.c:138:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retval, str);
data/stunnel4-5.56+dfsg/src/str.c:167:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n=vsnprintf(p, size, format, ap);
data/stunnel4-5.56+dfsg/src/str.c:204:11: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n=_vsntprintf(p, size, format, ap);
data/stunnel4-5.56+dfsg/src/stunnel.c:726:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(un.sun_path, "\\socket\\stunnel-%s-%u", name, getpid());
data/stunnel4-5.56+dfsg/src/ui_win_cli.c:59:9: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(stderr, TEXT("Cannot set directory to %s"),
data/stunnel4-5.56+dfsg/src/ui_win_cli.c:120:5: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(stderr, TEXT("%s\r\n"), tstr);
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:573:17: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellExecute(main_window_handle, TEXT("open"),
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:580:17: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellExecute(main_window_handle, TEXT("open"),
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:735:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ui_pass, pass_txt);
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:854:5: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(curr->txt, txt);
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:1224:9: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellExecute(main_window_handle, TEXT("open"),
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:1228:9: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ShellExecute(main_window_handle, TEXT("runas"),
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:35:9: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _ftprintf fwprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:35:21: [4] (format) fwprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _ftprintf fwprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:36:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf _snwprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:37:9: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _stprintf _swprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:38:21: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _tprintf wprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:39:9: [4] (format) _vftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vftprintf vfwprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:39:21: [4] (format) vfwprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vftprintf vfwprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:40:9: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _vsntprintf _vsnwprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:41:9: [4] (buffer) _vstprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _vstprintf _vswprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:44:9: [4] (buffer) _tscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _tscanf wscanf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:44:21: [4] (buffer) wscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _tscanf wscanf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:48:9: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define _tcscat wcscat
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:48:21: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define _tcscat wcscat
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:51:9: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define _tcscpy wcscpy
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:51:21: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define _tcscpy wcscpy
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:128:9: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _ftprintf fprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:128:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _ftprintf fprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:129:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf _snprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:129:21: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf _snprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:130:9: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _stprintf sprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:130:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _stprintf sprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:131:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _tprintf printf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:132:9: [4] (format) _vftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vftprintf vfprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:132:21: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vftprintf vfprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:133:9: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _vsntprintf _vsnprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:134:9: [4] (buffer) _vstprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _vstprintf vsprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:134:21: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _vstprintf vsprintf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:137:9: [4] (buffer) _tscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _tscanf scanf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:137:21: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _tscanf scanf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:138:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _stscanf sscanf
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:141:9: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define _tcscat strcat
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:141:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define _tcscat strcat
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:145:9: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define _tcscpy strcpy
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:145:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define _tcscpy strcpy
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:201:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define _tsystem system
data/stunnel4-5.56+dfsg/src/env.c:59:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((value=getenv("REMOTE_HOST")))
data/stunnel4-5.56+dfsg/src/env.c:63:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((value=getenv("REMOTE_PORT")))
data/stunnel4-5.56+dfsg/src/options.c:356:19: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
real_path=realpath(name, real_path);
data/stunnel4-5.56+dfsg/src/resolver.c:117:12: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle=LoadLibrary(file);
data/stunnel4-5.56+dfsg/src/sthreads.c:173:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&lock->critical_section);
data/stunnel4-5.56+dfsg/src/sthreads.c:180:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&lock->critical_section);
data/stunnel4-5.56+dfsg/src/sthreads.c:187:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&lock->critical_section);
data/stunnel4-5.56+dfsg/src/stunnel.c:690:8: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if(chroot(global_options.chroot_dir)) {
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:200:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define _tgetenv getenv
data/stunnel4-5.56+dfsg/src/client.c:240:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, fresh_c, sizeof(CLI));
data/stunnel4-5.56+dfsg/src/client.c:413:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c->peer_addr.sa, &addr.sa, (size_t)addr_len);
data/stunnel4-5.56+dfsg/src/client.c:432:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c->peer_addr.sa, &addr.sa, (size_t)addr_len);
data/stunnel4-5.56+dfsg/src/client.c:1247:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ident, &c->peer_addr, (size_t)c->peer_addr_len);
data/stunnel4-5.56+dfsg/src/client.c:1355:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tty[64];
data/stunnel4-5.56+dfsg/src/client.c:1410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, host[40], port[6];
data/stunnel4-5.56+dfsg/src/client.c:1526:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_addr, cur_addr, (size_t)len);
data/stunnel4-5.56+dfsg/src/client.c:1557:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, ptr, (size_t)len);
data/stunnel4-5.56+dfsg/src/client.c:1634:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&bind_addr.in6.sin6_addr+12,
data/stunnel4-5.56+dfsg/src/client.c:1639:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bind_addr, c->bind_addr, (size_t)addr_len(c->bind_addr));
data/stunnel4-5.56+dfsg/src/ctx.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cached_passwd[PEM_BUFSIZE]="";
data/stunnel4-5.56+dfsg/src/ctx.c:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[128];
data/stunnel4-5.56+dfsg/src/ctx.c:650:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psk, c->opt->psk_selected->key_val, c->opt->psk_selected->key_len);
data/stunnel4-5.56+dfsg/src/ctx.c:670:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psk, found->key_val, found->key_len);
data/stunnel4-5.56+dfsg/src/ctx.c:730:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pass[PEM_BUFSIZE];
data/stunnel4-5.56+dfsg/src/ctx.c:911:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, cached_passwd, (size_t)len);
data/stunnel4-5.56+dfsg/src/ctx.c:1016:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ticket_data.addr, addr, (size_t)addr_len(addr));
data/stunnel4-5.56+dfsg/src/ctx.c:1183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char session_id_txt[2*SSL_MAX_SSL_SESSION_ID_LENGTH+1];
data/stunnel4-5.56+dfsg/src/ctx.c:1357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char session_id_txt[2*SSL_MAX_SSL_SESSION_ID_LENGTH+1];
data/stunnel4-5.56+dfsg/src/ctx.c:1391:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->key, key, key_len);
data/stunnel4-5.56+dfsg/src/ctx.c:1393:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->val, val, val_len);
data/stunnel4-5.56+dfsg/src/ctx.c:1462:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ret, packet->val, *ret_len);
data/stunnel4-5.56+dfsg/src/env.c:64:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
name->sin_port=htons((uint16_t)atoi(value));
data/stunnel4-5.56+dfsg/src/file.c:118:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open(name, flags, 0640);
data/stunnel4-5.56+dfsg/src/file.c:227:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
len=MultiByteToWideChar(CP_UTF8, 0, in, -1, NULL, 0);
data/stunnel4-5.56+dfsg/src/file.c:231:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
len=MultiByteToWideChar(CP_UTF8, 0, in, -1, out, len);
data/stunnel4-5.56+dfsg/src/libwrap.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char servname[SERVNAME_LEN];
data/stunnel4-5.56+dfsg/src/libwrap.c:235:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(int))];
data/stunnel4-5.56+dfsg/src/libwrap.c:273:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recvfd, CMSG_DATA(cmptr), sizeof(int));
data/stunnel4-5.56+dfsg/src/libwrap.c:289:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(int))];
data/stunnel4-5.56+dfsg/src/libwrap.c:300:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmptr), &sendfd, sizeof(int));
data/stunnel4-5.56+dfsg/src/log.c:92:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char appdata[MAX_PATH], *path;
data/stunnel4-5.56+dfsg/src/log.c:312:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char table[62]=
data/stunnel4-5.56+dfsg/src/log.c:314:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rnd[22];
data/stunnel4-5.56+dfsg/src/log.c:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[80];
data/stunnel4-5.56+dfsg/src/log.c:368:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmsg[80];
data/stunnel4-5.56+dfsg/src/log.c:402:8: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
if(MultiByteToWideChar(CP_UTF8, 0, msg, -1, tmsg, 80))
data/stunnel4-5.56+dfsg/src/log.c:552:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char hex[16]="0123456789ABCDEF";
data/stunnel4-5.56+dfsg/src/network.c:451:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fds->orfds, fds->irfds, FD_SIZE(fds));
data/stunnel4-5.56+dfsg/src/network.c:452:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fds->owfds, fds->iwfds, FD_SIZE(fds));
data/stunnel4-5.56+dfsg/src/network.c:454:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fds->oxfds, fds->ixfds, FD_SIZE(fds));
data/stunnel4-5.56+dfsg/src/network.c:541:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *type_str[3]={"accept", "local", "remote"};
data/stunnel4-5.56+dfsg/src/options.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[MAX_PATH];
data/stunnel4-5.56+dfsg/src/options.c:394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_text[CONFLINELEN], *errstr;
data/stunnel4-5.56+dfsg/src/options.c:395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line[CONFLINELEN], *config_opt, *config_arg;
data/stunnel4-5.56+dfsg/src/options.c:424:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(config_line, line_text, CONFLINELEN);
data/stunnel4-5.56+dfsg/src/options.c:605:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&global_options, &new_global_options, sizeof(GLOBAL_OPTIONS));
data/stunnel4-5.56+dfsg/src/options.c:610:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&service_options, &new_service_options, sizeof(SERVICE_OPTIONS));
data/stunnel4-5.56+dfsg/src/options.c:2156:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(§ion->source_addr, &new_service_options.source_addr,
data/stunnel4-5.56+dfsg/src/options.c:3009:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(§ion->sessiond_addr, &new_service_options.sessiond_addr,
data/stunnel4-5.56+dfsg/src/options.c:3971:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[CONFLINELEN], *key_str;
data/stunnel4-5.56+dfsg/src/options.c:4014:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_buf, key_str, (size_t)key_len);
data/stunnel4-5.56+dfsg/src/options.c:4041:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curr->key_val, key_buf, (size_t)key_len);
data/stunnel4-5.56+dfsg/src/options.c:4062:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curr->key_val, src->key_val, src->key_len);
data/stunnel4-5.56+dfsg/src/options.c:4115:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(head->key_val, key_buf, (size_t)key_len);
data/stunnel4-5.56+dfsg/src/options.c:4215:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt, sock_opts_def, sizeof sock_opts_def);
data/stunnel4-5.56+dfsg/src/options.c:4246:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, sock_opts_def, sizeof sock_opts_def);
data/stunnel4-5.56+dfsg/src/options.c:4252:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr->opt_val[type],
data/stunnel4-5.56+dfsg/src/options.c:4430:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt->opt_val[socket_type], &opt_val, sizeof(OPT_UNION));
data/stunnel4-5.56+dfsg/src/protocol.c:185:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&socks.v4.addr, &addr.in.sin_addr, 4);
data/stunnel4-5.56+dfsg/src/protocol.c:186:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&socks.v4.port, &addr.in.sin_port, 2);
data/stunnel4-5.56+dfsg/src/protocol.c:193:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&socks.v6.addr, &addr.in6.sin6_addr, 16);
data/stunnel4-5.56+dfsg/src/protocol.c:194:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&socks.v6.port, &addr.in6.sin6_port, 2);
data/stunnel4-5.56+dfsg/src/protocol.c:348:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&socks.sin_addr, &addr.in.sin_addr, 4);
data/stunnel4-5.56+dfsg/src/protocol.c:413:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c->connect_addr.addr[0].in.sin_addr, &socks.v4.addr, 4);
data/stunnel4-5.56+dfsg/src/protocol.c:414:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c->connect_addr.addr[0].in.sin_port, &socks.v4.port, 2);
data/stunnel4-5.56+dfsg/src/protocol.c:451:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c->connect_addr.addr[0].in6.sin6_addr, &socks.v6.addr, 16);
data/stunnel4-5.56+dfsg/src/protocol.c:452:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c->connect_addr.addr[0].in6.sin6_port, &socks.v6.port, 2);
data/stunnel4-5.56+dfsg/src/protocol.c:476:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&socks.v4.addr, &addr.in.sin_addr, 4);
data/stunnel4-5.56+dfsg/src/protocol.c:482:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&socks.v6.addr, &addr.in6.sin6_addr, 16);
data/stunnel4-5.56+dfsg/src/protocol.c:518:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char ipv6_loopback[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
data/stunnel4-5.56+dfsg/src/protocol.c:567:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_host[IP_LEN], dst_host[IP_LEN];
data/stunnel4-5.56+dfsg/src/protocol.c:568:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_port[PORT_LEN], dst_port[PORT_LEN], *proto;
data/stunnel4-5.56+dfsg/src/protocol.c:1235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *line, buf[BUFSIZ], *ntlm1_txt, *ntlm2_txt, *ntlm3_txt, *tmpstr;
data/stunnel4-5.56+dfsg/src/protocol.c:1306:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phase1[32];
data/stunnel4-5.56+dfsg/src/protocol.c:1309:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(phase1, "NTLMSSP");
data/stunnel4-5.56+dfsg/src/protocol.c:1337:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)phase3, "NTLMSSP");
data/stunnel4-5.56+dfsg/src/protocol.c:1380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)phase3+domain_off, domain, domain_len);
data/stunnel4-5.56+dfsg/src/protocol.c:1381:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)phase3+user_off, user, user_len);
data/stunnel4-5.56+dfsg/src/protocol.c:1387:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[7]) {
data/stunnel4-5.56+dfsg/src/prototypes.h:362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_val[16];
data/stunnel4-5.56+dfsg/src/prototypes.h:447:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sock_buff[BUFFSIZE]; /* socket read buffer */
data/stunnel4-5.56+dfsg/src/prototypes.h:448:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssl_buff[BUFFSIZE]; /* TLS read buffer */
data/stunnel4-5.56+dfsg/src/pty.c:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/stunnel4-5.56+dfsg/src/pty.c:103:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*ttyfd=open(namebuf, O_RDWR|O_NOCTTY);
data/stunnel4-5.56+dfsg/src/pty.c:119:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ptm=open("/dev/ptmx", O_RDWR|O_NOCTTY);
data/stunnel4-5.56+dfsg/src/pty.c:140:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*ttyfd=open(namebuf, O_RDWR|O_NOCTTY);
data/stunnel4-5.56+dfsg/src/pty.c:159:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*ptyfd=open("/dev/ptc", O_RDWR|O_NOCTTY);
data/stunnel4-5.56+dfsg/src/pty.c:170:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*ttyfd=open(name, O_RDWR|O_NOCTTY);
data/stunnel4-5.56+dfsg/src/pty.c:179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/stunnel4-5.56+dfsg/src/pty.c:194:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*ptyfd=open(buf, O_RDWR|O_NOCTTY);
data/stunnel4-5.56+dfsg/src/pty.c:206:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*ttyfd=open(namebuf, O_RDWR | O_NOCTTY);
data/stunnel4-5.56+dfsg/src/resolver.c:173:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &addr_list->addr[i], sizeof(SOCKADDR_UNION));
data/stunnel4-5.56+dfsg/src/resolver.c:180:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &addr_list->addr[i], sizeof(SOCKADDR_UNION));
data/stunnel4-5.56+dfsg/src/resolver.c:186:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &addr_list->addr[0], sizeof(SOCKADDR_UNION));
data/stunnel4-5.56+dfsg/src/resolver.c:289:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr_list->addr[(addr_list->num)++], cur->ai_addr,
data/stunnel4-5.56+dfsg/src/resolver.c:312:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(SOCKADDR_LIST));
data/stunnel4-5.56+dfsg/src/resolver.c:315:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->addr, src->addr, src->num*sizeof(SOCKADDR_UNION));
data/stunnel4-5.56+dfsg/src/resolver.c:417:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ai, hints, sizeof(struct addrinfo));
data/stunnel4-5.56+dfsg/src/resolver.c:481:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ai, hints, sizeof(struct addrinfo));
data/stunnel4-5.56+dfsg/src/resolver.c:495:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
data/stunnel4-5.56+dfsg/src/resolver.c:502:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in *)ai->ai_addr)->sin_addr,
data/stunnel4-5.56+dfsg/src/resolver.c:608:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(serv, "%u", ntohs(((struct sockaddr_in *)sa)->sin_port));
data/stunnel4-5.56+dfsg/src/ssl.c:136:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, (size_t)len);
data/stunnel4-5.56+dfsg/src/ssl.c:262:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/stunnel4-5.56+dfsg/src/str.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char debug[DEBUG_PADDING];
data/stunnel4-5.56+dfsg/src/str.c:118:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define va_copy(dst, src) memcpy(&(dst), &(src), sizeof(va_list))
data/stunnel4-5.56+dfsg/src/str.c:311:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)(alloc_list+1)+size, canary, sizeof canary);
data/stunnel4-5.56+dfsg/src/str.c:366:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)ptr+size, canary, sizeof canary);
data/stunnel4-5.56+dfsg/src/stunnel.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sun_path[108]; /* path name */
data/stunnel4-5.56+dfsg/src/ui_unix.c:69:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open("/dev/null", O_RDWR); /* open /dev/null before chroot */
data/stunnel4-5.56+dfsg/src/ui_unix.c:205:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pf=open(global_options.pidfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, 0644);
data/stunnel4-5.56+dfsg/src/ui_win_cli.c:43:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *c, stunnel_exe_path[MAX_PATH];
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:113:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR txt[1]; /* single character for trailing '\0' */
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:148:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ui_pass[PEM_BUFSIZE];
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:159:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR stunnel_exe_path[MAX_PATH];
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:235:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR window_exe_path[MAX_PATH];
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:690:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR txt[PEM_BUFSIZE];
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:764:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ui_pass, (size_t)len);
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:796:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR file_name[MAX_PATH];
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:906:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff+ptr, curr->txt, curr->len*sizeof(TCHAR));
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:1205:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR cwd[MAX_PATH];
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:1257:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR stunnel_exe_path[MAX_PATH];
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:1259:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR descr_str[DESCR_LEN];
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/ShellLink.cpp:183:4: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_ACP, 0, szBuf, -1, wszPath, MAX_PATH);
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_ansi/pluginapi.h:21:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1]; // this should be the length of string_size
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:78:21: [2] (integer) _wtoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _tstoi _wtoi
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:79:21: [2] (integer) _wtoi64:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _tstoi64 _wtoi64
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:80:21: [2] (integer) _wtoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _ttoi _wtoi
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:81:21: [2] (integer) _wtoi64:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _ttoi64 _wtoi64
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:171:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _tstoi atoi
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:174:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _ttoi atoi
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:176:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _ttol atol
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:185:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define _tfopen fopen
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/pluginapi.h:22:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR text[1]; // this should be the length of string_size
data/stunnel4-5.56+dfsg/src/common.h:273:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define readsocket(s,b,n) read((s),(b),(n))
data/stunnel4-5.56+dfsg/src/ctx.c:249:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned servname_len=(unsigned)strlen(section->servname);
data/stunnel4-5.56+dfsg/src/ctx.c:352:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t diff=(ssize_t)strlen(servername)-((ssize_t)strlen(pattern)-1);
data/stunnel4-5.56+dfsg/src/ctx.c:352:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t diff=(ssize_t)strlen(servername)-((ssize_t)strlen(pattern)-1);
data/stunnel4-5.56+dfsg/src/ctx.c:638:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
identity_len=strlen(c->opt->psk_selected->identity)+1;
data/stunnel4-5.56+dfsg/src/file.c:159:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
num=read(df->fd, line+i, 1);
data/stunnel4-5.56+dfsg/src/file.c:185:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(line);
data/stunnel4-5.56+dfsg/src/libwrap.c:175:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(c->opt->servname)+1, c->local_rfd.fd);
data/stunnel4-5.56+dfsg/src/log.c:377:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WriteFile(outfile->fh, msg, (DWORD)strlen(msg), &num, NULL);
data/stunnel4-5.56+dfsg/src/log.c:381:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(outfile ? outfile->fd : 2, msg, strlen(msg));
data/stunnel4-5.56+dfsg/src/network.c:558:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt_size=(socklen_t)strlen(ptr->opt_val[type]->c_val)+1;
data/stunnel4-5.56+dfsg/src/network.c:725:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(tmpline);
data/stunnel4-5.56+dfsg/src/network.c:902:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(tmpline);
data/stunnel4-5.56+dfsg/src/options.c:440:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=(int)strlen(config_opt)-1; i>=0 && isspace((unsigned char)config_opt[i]); --i)
data/stunnel4-5.56+dfsg/src/options.c:445:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(config_opt[0]=='[' && config_opt[strlen(config_opt)-1]==']') { /* new section */
data/stunnel4-5.56+dfsg/src/options.c:462:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config_opt[strlen(config_opt)-1]='\0';
data/stunnel4-5.56+dfsg/src/options.c:477:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=(int)strlen(config_opt)-1; i>=0 && isspace((unsigned char)config_opt[i]); --i)
data/stunnel4-5.56+dfsg/src/options.c:568:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((*namelist)[num]->d_name, name, MAX_PATH-1);
data/stunnel4-5.56+dfsg/src/options.c:3929:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(arg && strlen(arg)==1 && *arg>='0' && *arg<='7') {
data/stunnel4-5.56+dfsg/src/options.c:3998:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(line)+1>PSK_MAX_IDENTITY_LEN) { /* with the trailing '\0' */
data/stunnel4-5.56+dfsg/src/options.c:4012:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len=(long)strlen(key_str);
data/stunnel4-5.56+dfsg/src/options.c:4421:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(opt_val_str)+1>sizeof(OPT_UNION))
data/stunnel4-5.56+dfsg/src/options.c:4706:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_arg=strlen(str)/2+1;
data/stunnel4-5.56+dfsg/src/protocol.c:41:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define is_prefix(a, b) (strncasecmp((a), (b), strlen(b))==0)
data/stunnel4-5.56+dfsg/src/protocol.c:773:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encoded=base64(1, line, (int)strlen(user) + (int)strlen(pass) + 2);
data/stunnel4-5.56+dfsg/src/protocol.c:773:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encoded=base64(1, line, (int)strlen(user) + (int)strlen(pass) + 2);
data/stunnel4-5.56+dfsg/src/protocol.c:806:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encoded=base64(1, user, (int)strlen(user));
data/stunnel4-5.56+dfsg/src/protocol.c:821:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encoded=base64(1, pass, (int)strlen(pass));
data/stunnel4-5.56+dfsg/src/protocol.c:1192:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encoded=base64(1, line, (int)strlen(line));
data/stunnel4-5.56+dfsg/src/protocol.c:1325:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t domain_len=strlen(domain);
data/stunnel4-5.56+dfsg/src/protocol.c:1326:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t user_len=strlen(user);
data/stunnel4-5.56+dfsg/src/protocol.c:1372:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
decoded=(uint8_t *)base64(0, phase2, (int)strlen(phase2)); /* decode */
data/stunnel4-5.56+dfsg/src/pty.c:183:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t num_minors=strlen(ptyminors);
data/stunnel4-5.56+dfsg/src/pty.c:184:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t num_ptys=strlen(ptymajors)*num_minors;
data/stunnel4-5.56+dfsg/src/resolver.c:196:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(offsetof(struct sockaddr_un, sun_path)+strlen(name)+1
data/stunnel4-5.56+dfsg/src/resolver.c:601:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(host, inet_ntoa(((struct sockaddr_in *)sa)->sin_addr),
data/stunnel4-5.56+dfsg/src/str.c:127:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval=str_alloc_debug(strlen(str)+1, file, line);
data/stunnel4-5.56+dfsg/src/str.c:137:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval=str_alloc_detached_debug(strlen(str)+1, file, line);
data/stunnel4-5.56+dfsg/src/ui_unix.c:212:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(write(pf, pid, strlen(pid))<(int)strlen(pid)) {
data/stunnel4-5.56+dfsg/src/ui_unix.c:212:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(write(pf, pid, strlen(pid))<(int)strlen(pid)) {
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:759:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=(int)strlen(ui_pass);
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:837:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!WriteFile(file_handle, str, (DWORD)strlen(str), &ignore, NULL)) {
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:851:13: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt_len=_tcslen(txt);
data/stunnel4-5.56+dfsg/src/ui_win_gui.c:1132:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(nid.szTip, tip, 63);
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:50:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcsclen wcslen
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:53:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen wcslen
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:53:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen wcslen
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:54:21: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsnccpy wcsncpy
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:55:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsncpy wcsncpy
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:55:21: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsncpy wcsncpy
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:143:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcsclen strlen
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:147:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen strlen
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:147:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen strlen
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:148:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsnccpy strncpy
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:191:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define _fgettc fgetc
data/stunnel4-5.56+dfsg/tools/plugins/ShellLink/Contrib/ShellLink/nsis_unicode/nsis_tchar.h:194:21: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define _gettchar getchar
ANALYSIS SUMMARY:
Hits = 271
Lines analyzed = 21507 in approximately 0.56 seconds (38715 lines/second)
Physical Source Lines of Code (SLOC) = 17347
Hits@level = [0] 10 [1] 56 [2] 135 [3] 9 [4] 71 [5] 0
Hits@level+ = [0+] 281 [1+] 271 [2+] 215 [3+] 80 [4+] 71 [5+] 0
Hits/KSLOC@level+ = [0+] 16.1988 [1+] 15.6223 [2+] 12.3941 [3+] 4.61175 [4+] 4.09293 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.