Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ukopp-4.9/zfuncs.h Examining data/ukopp-4.9/zfuncs.cc Examining data/ukopp-4.9/ukopp-4.9.cc FINAL RESULTS: data/ukopp-4.9/ukopp-4.9.cc:2866:4: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(TFformatscript,0744); data/ukopp-4.9/ukopp-4.9.cc:3070:16: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. err = chown(file,uid,gid); data/ukopp-4.9/ukopp-4.9.cc:3072:16: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. err = chmod(file,perms); data/ukopp-4.9/ukopp-4.9.cc:3117:16: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. err = chown(file2,uid,gid); data/ukopp-4.9/ukopp-4.9.cc:3119:16: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. err = chmod(file2,perms); data/ukopp-4.9/ukopp-4.9.cc:3900:7: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(file2,fstat1.st_mode); data/ukopp-4.9/ukopp-4.9.cc:3901:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. err = chown(file2,fstat1.st_uid,fstat1.st_gid); data/ukopp-4.9/ukopp-4.9.cc:3916:13: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. rcc = readlink(file1,buff,maxfcc); data/ukopp-4.9/ukopp-4.9.cc:3970:4: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(file2,fstat1.st_mode); // copy owner and permissions data/ukopp-4.9/ukopp-4.9.cc:3971:10: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. err = chown(file2,fstat1.st_uid,fstat1.st_gid); // from input to output file data/ukopp-4.9/ukopp-4.9.cc:4008:13: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. vcc = readlink(vfile,vbuff,maxfcc); data/ukopp-4.9/zfuncs.cc:480:10: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. cc2 = readlink("/proc/self/exe",command+cc1,990); data/ukopp-4.9/ukopp-4.9.cc:317:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(BJfilespec,argv[++ii]); data/ukopp-4.9/ukopp-4.9.cc:319:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { strcpy(BJfilespec,argv[++ii]); clrun++; } data/ukopp-4.9/ukopp-4.9.cc:320:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy(BJfilespec,argv[ii]); // assume a job file and load it data/ukopp-4.9/ukopp-4.9.cc:431:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"ukopp %s \n",ctime(&datetime)); // v.4.1 data/ukopp-4.9/ukopp-4.9.cc:441:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(TFbakfiles,"%s/bakfiles",appdirk); // make temp file names data/ukopp-4.9/ukopp-4.9.cc:442:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(TFpoopfile,"%s/poopfile",appdirk); data/ukopp-4.9/ukopp-4.9.cc:443:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(TFjobfile,"%s/jobfile",appdirk); data/ukopp-4.9/ukopp-4.9.cc:444:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(TFdatetime,"%s/datetime",appdirk); data/ukopp-4.9/ukopp-4.9.cc:445:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(TFformatscript,"%s/formatscript.sh",appdirk); data/ukopp-4.9/ukopp-4.9.cc:456:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(BJfspec[1],"%s/*",home); // /home/username/* data/ukopp-4.9/ukopp-4.9.cc:457:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(BJfspec[2],"%s/*/Trash/*",home); // /home/username/*/Trash/* data/ukopp-4.9/ukopp-4.9.cc:458:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(BJfspec[3],"%s/.thumbnails/*",home); // /home/username/.thumbnails/* data/ukopp-4.9/ukopp-4.9.cc:566:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(logfile,"%s/ukopp.log2",get_zuserdir()); // dump window to log file data/ukopp-4.9/ukopp-4.9.cc:591:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n""ready \n"); data/ukopp-4.9/ukopp-4.9.cc:596:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** waiting for function to quit \n"); data/ukopp-4.9/ukopp-4.9.cc:600:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** KILL current function \n"); data/ukopp-4.9/ukopp-4.9.cc:650:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system("udevadm --version >/dev/null 2>&1"); // keep up with dynamic Linux v.3.4 data/ukopp-4.9/ukopp-4.9.cc:664:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** exceeded %d devices \n",maxdisk); data/ukopp-4.9/ukopp-4.9.cc:690:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," no devices found \n"); data/ukopp-4.9/ukopp-4.9.cc:715:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(work,name[ii]); \ data/ukopp-4.9/ukopp-4.9.cc:716:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name[ii],name[jj]); \ data/ukopp-4.9/ukopp-4.9.cc:717:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name[jj],work); } data/ukopp-4.9/ukopp-4.9.cc:758:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(text,diskdev[ii]); // /dev/xxx /media/xxx (description) data/ukopp-4.9/ukopp-4.9.cc:776:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," new target: %s %s \n",BJdev,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:777:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:845:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** cannot open job file: %s \n",jobfile); data/ukopp-4.9/ukopp-4.9.cc:856:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",buff); // output data/ukopp-4.9/ukopp-4.9.cc:860:23: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:866:23: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:872:20: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:881:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** max job records exceeded \n"); data/ukopp-4.9/ukopp-4.9.cc:912:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** cannot open job file: %s \n",jobfile); data/ukopp-4.9/ukopp-4.9.cc:951:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n backup job file: %s \n",BJfilespec); // job file v.21 data/ukopp-4.9/ukopp-4.9.cc:956:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",BJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:960:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," include %s%s%d days, %d vers%s \n", data/ukopp-4.9/ukopp-4.9.cc:962:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(mLog," include %s \n",BJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:966:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," exclude %s \n",BJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:969:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," verify %s \n",vertype[BJvmode]); // verify xxxx data/ukopp-4.9/ukopp-4.9.cc:970:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," target %s %s \n",BJdev,BJdirk); // target /dev/xxx /xxxxxx data/ukopp-4.9/ukopp-4.9.cc:1032:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(editwidget,"%s\n",BJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:1036:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(editwidget,"include %s%s%d,%d%s\n", data/ukopp-4.9/ukopp-4.9.cc:1038:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(editwidget,"include %s\n",BJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:1042:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(editwidget,"exclude %s\n",BJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:1093:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(BJdev,orgBJdev); // restore original target v.4.1 data/ukopp-4.9/ukopp-4.9.cc:1094:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(BJdirk,orgBJdirk); data/ukopp-4.9/ukopp-4.9.cc:1107:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," target: %s \n",text); data/ukopp-4.9/ukopp-4.9.cc:1109:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:1121:12: [4] (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. pp = wscanf(editwidget,ftf); data/ukopp-4.9/ukopp-4.9.cc:1126:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"%s \n *** %s \n",pp,errmess); data/ukopp-4.9/ukopp-4.9.cc:1215:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** error: %s file: %s \n",strerror(errno),file2); data/ukopp-4.9/ukopp-4.9.cc:1226:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(editwidget,"include %s%s%d,%d%s\n",file2,RSEP1,days,vers,RSEP2); data/ukopp-4.9/ukopp-4.9.cc:1227:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(editwidget,"include %s""\n",file2); data/ukopp-4.9/ukopp-4.9.cc:1230:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(editwidget,"exclude %s""\n",file2); data/ukopp-4.9/ukopp-4.9.cc:1277:15: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. nn = sscanf(pp2,RSEP1" %d , %d "RSEP2,&days,&vers); data/ukopp-4.9/ukopp-4.9.cc:1388:45: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (ii < Ndisk && *diskmp[ii] == '/') strcpy(BJdirk,diskmp[ii]); data/ukopp-4.9/ukopp-4.9.cc:1394:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (ii < Ndisk) strcpy(BJdev,diskdev[ii]); data/ukopp-4.9/ukopp-4.9.cc:1399:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(BJdirk+6,BJdev+4); // e.g. /media/sdf1 data/ukopp-4.9/ukopp-4.9.cc:1428:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"target is valid and not mounted \n"); // mount to existing empty data/ukopp-4.9/ukopp-4.9.cc:1441:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mountdev,BJdev); // save for later unmount() data/ukopp-4.9/ukopp-4.9.cc:1442:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mountdirk,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:1443:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"target is valid and mounted \n"); data/ukopp-4.9/ukopp-4.9.cc:1448:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"target directory is valid \n"); data/ukopp-4.9/ukopp-4.9.cc:1454:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"target is valid and not mounted \n"); // can be created at mount time data/ukopp-4.9/ukopp-4.9.cc:1484:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(mLog,"backup job has errors \n"); data/ukopp-4.9/ukopp-4.9.cc:1502:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," files: %d bytes: %s \n",Mfiles,formatKBMB(Mbytes,3)); // files and bytes to copy data/ukopp-4.9/ukopp-4.9.cc:1505:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** nothing to back-up \n"); data/ukopp-4.9/ukopp-4.9.cc:1509:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," using backup directory: %s %s \n",BJdev,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:1514:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," assign new version numbers to modified backup files \n" data/ukopp-4.9/ukopp-4.9.cc:1536:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n *** %s \n",dfile,errmess); // log error v.4.3 data/ukopp-4.9/ukopp-4.9.cc:1542:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d backup files were assigned new versions \n",upvers); data/ukopp-4.9/ukopp-4.9.cc:1543:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d backup files were deleted \n",deleted); data/ukopp-4.9/ukopp-4.9.cc:1544:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d expired versions (%s) were purged \n\n",Pfiles,formatKBMB(Pbytes,3)); data/ukopp-4.9/ukopp-4.9.cc:1553:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-2," %s \n",BD_JOBFILE); data/ukopp-4.9/ukopp-4.9.cc:1557:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-2," %s \n",BD_DATETIME); data/ukopp-4.9/ukopp-4.9.cc:1561:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," copying new and modified files from disk to backup location \n\n"); data/ukopp-4.9/ukopp-4.9.cc:1571:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",dfile); data/ukopp-4.9/ukopp-4.9.cc:1575:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** %s \n",errmess); // log error v.4.3 data/ukopp-4.9/ukopp-4.9.cc:1590:15: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (terrs) wprintf(mLog," *** %d files had backup errors \n",terrs); data/ukopp-4.9/ukopp-4.9.cc:1595:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," backup time: %.1f secs \n",bsecs); data/ukopp-4.9/ukopp-4.9.cc:1597:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," backup speed: %.2f MB/sec \n",bspeed); data/ukopp-4.9/ukopp-4.9.cc:1598:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," backup complete \n"); data/ukopp-4.9/ukopp-4.9.cc:1602:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n"); data/ukopp-4.9/ukopp-4.9.cc:1617:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," ready \n"); data/ukopp-4.9/ukopp-4.9.cc:1625:21: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (terrs > 100) wprintf(mLog," too many errors, giving up \n"); data/ukopp-4.9/ukopp-4.9.cc:1626:22: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else if (errmess) wprintf(mLog," %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:1647:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** job data has errors \n"); data/ukopp-4.9/ukopp-4.9.cc:1657:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," using backup directory: %s %s \n",BJdev,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:1663:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n begin synchronize \n"); data/ukopp-4.9/ukopp-4.9.cc:1670:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-2," %s \n",BD_JOBFILE); data/ukopp-4.9/ukopp-4.9.cc:1674:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-2," %s \n",BD_DATETIME); data/ukopp-4.9/ukopp-4.9.cc:1683:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," disk >> backup: %s \n",dfile); data/ukopp-4.9/ukopp-4.9.cc:1685:20: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:1695:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," backup >> disk: %s \n",dfile); data/ukopp-4.9/ukopp-4.9.cc:1697:20: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:1722:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," backup >> disk: %s \n",dfile); data/ukopp-4.9/ukopp-4.9.cc:1724:26: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:1729:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," disk >> backup: %s \n",dfile); data/ukopp-4.9/ukopp-4.9.cc:1731:26: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:1748:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:1749:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," ready \n"); // v.3.6 data/ukopp-4.9/ukopp-4.9.cc:1785:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",filespec); // output filespec data/ukopp-4.9/ukopp-4.9.cc:1789:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** %s \n\n",errmess); // log and count errors data/ukopp-4.9/ukopp-4.9.cc:1805:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",filespec); // output filespec data/ukopp-4.9/ukopp-4.9.cc:1809:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** %s \n\n",errmess); // log and count errors data/ukopp-4.9/ukopp-4.9.cc:1827:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d backup files \n",Bnf); data/ukopp-4.9/ukopp-4.9.cc:1836:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-2," %s \n",filespec); data/ukopp-4.9/ukopp-4.9.cc:1839:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-1," *** %s \n",errmess); // log and count error data/ukopp-4.9/ukopp-4.9.cc:1840:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n"); data/ukopp-4.9/ukopp-4.9.cc:1851:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-2," %s \n",filespec); data/ukopp-4.9/ukopp-4.9.cc:1854:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-1," *** %s \n",errmess); // log and count error data/ukopp-4.9/ukopp-4.9.cc:1855:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n"); data/ukopp-4.9/ukopp-4.9.cc:1871:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," Compare to correspending disk files (if present). \n\n"); data/ukopp-4.9/ukopp-4.9.cc:1874:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d backup files \n",Bnf); data/ukopp-4.9/ukopp-4.9.cc:1892:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-2," %s \n",filespec); data/ukopp-4.9/ukopp-4.9.cc:1895:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-1," *** %s \n",errmess); // log and count error data/ukopp-4.9/ukopp-4.9.cc:1896:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n"); data/ukopp-4.9/ukopp-4.9.cc:1908:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-2," %s \n",filespec); data/ukopp-4.9/ukopp-4.9.cc:1911:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,-1," *** %s \n",errmess); // log and count error data/ukopp-4.9/ukopp-4.9.cc:1912:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n"); data/ukopp-4.9/ukopp-4.9.cc:1924:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," backup files: %d (%s) \n",vfiles,formatKBMB(vbytes,3)); data/ukopp-4.9/ukopp-4.9.cc:1925:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," backup file read errors: %d \n",fverrs); data/ukopp-4.9/ukopp-4.9.cc:1928:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," compare failures: %d \n",fcerrs); data/ukopp-4.9/ukopp-4.9.cc:1931:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," matching disk names: %d mod times: %d \n",dfiles1,dfiles2); data/ukopp-4.9/ukopp-4.9.cc:1932:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," compare failures: %d \n",fcerrs); data/ukopp-4.9/ukopp-4.9.cc:1936:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," verify time: %.1f secs \n",secs); data/ukopp-4.9/ukopp-4.9.cc:1938:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," verify speed: %.2f MB/sec \n",vspeed); data/ukopp-4.9/ukopp-4.9.cc:1943:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," ready \n"); // v.3.6 data/ukopp-4.9/ukopp-4.9.cc:1982:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d %9s %s (%d, %d) \n", data/ukopp-4.9/ukopp-4.9.cc:1985:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d %9s %s \n",BJfiles[ii],formatKBMB(BJbytes[ii],3),BJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:1989:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",BJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:1992:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",BJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:1996:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d %9s TOTALS \n", Dnf, formatKBMB(Dbytes,3)); data/ukopp-4.9/ukopp-4.9.cc:2008:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n disk files: %d backup files: %d \n",Dnf,Bnf); data/ukopp-4.9/ukopp-4.9.cc:2010:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d disk files not found on backup (new files) \n",nnew); data/ukopp-4.9/ukopp-4.9.cc:2011:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d files with different data (modified files) \n",nmod); data/ukopp-4.9/ukopp-4.9.cc:2012:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d backup files not found on disk (deleted files) \n",ndel); data/ukopp-4.9/ukopp-4.9.cc:2013:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d files with identical data (unchanged files) \n",nunc); data/ukopp-4.9/ukopp-4.9.cc:2014:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," Total differences: %d files (%s new + modified) \n\n",Mfiles,formatKBMB(Mbytes,3)); data/ukopp-4.9/ukopp-4.9.cc:2049:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %5d %5d %5d %8s %s \n", data/ukopp-4.9/ukopp-4.9.cc:2052:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppdirk,pdirk); // start new directory data/ukopp-4.9/ukopp-4.9.cc:2083:23: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (kfiles > 0) wprintf(mLog," %5d %5d %5d %s %s \n", // totals from last directory data/ukopp-4.9/ukopp-4.9.cc:2121:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d %8s %s \n", data/ukopp-4.9/ukopp-4.9.cc:2124:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppdirk,pdirk); // start new directory data/ukopp-4.9/ukopp-4.9.cc:2147:21: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (knew > 0) wprintf(mLog," %6d %8s %s \n", // totals from last directory data/ukopp-4.9/ukopp-4.9.cc:2169:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d %8s %s \n", data/ukopp-4.9/ukopp-4.9.cc:2172:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppdirk,pdirk); // start new directory data/ukopp-4.9/ukopp-4.9.cc:2192:21: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (kmod > 0) wprintf(mLog," %6d %8s %s \n", // totals from last directory data/ukopp-4.9/ukopp-4.9.cc:2214:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d %8s %s \n", data/ukopp-4.9/ukopp-4.9.cc:2217:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppdirk,pdirk); // start new directory data/ukopp-4.9/ukopp-4.9.cc:2238:21: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (kdel > 0) wprintf(mLog," %6d %8s %s \n", // totals from last directory data/ukopp-4.9/ukopp-4.9.cc:2262:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",Drec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:2271:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",Brec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:2306:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s %s %s %s \n",bmod,copy,dmod,Drec[dii].file); data/ukopp-4.9/ukopp-4.9.cc:2332:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bfile,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:2333:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bfile,Brec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:2354:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %5d %5d %5d %5d %5d %8s %8s %s \n", data/ukopp-4.9/ukopp-4.9.cc:2378:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bfile,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:2379:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bfile,Brec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:2390:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %5d %5d %8s %s \n",vers,age,formatKBMB(mb1,3),Brec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:2404:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d files found \n",Dnf); data/ukopp-4.9/ukopp-4.9.cc:2407:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",Drec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:2421:30: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Brec[ii].lover) wprintf(mLog," %s (+ vers %d-%d) \n", data/ukopp-4.9/ukopp-4.9.cc:2423:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(mLog," %s \n",Brec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:2446:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n matching disk files: \n"); data/ukopp-4.9/ukopp-4.9.cc:2450:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",Drec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:2452:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n matching backup files: \n"); data/ukopp-4.9/ukopp-4.9.cc:2457:33: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Brec[ii].hiver) wprintf(mLog," %s (+ vers %d-%d) \n", data/ukopp-4.9/ukopp-4.9.cc:2459:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(mLog," %s \n",Brec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:2467:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," ready \n"); // v.3.6 data/ukopp-4.9/ukopp-4.9.cc:2483:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n Restore files from backup \n"); data/ukopp-4.9/ukopp-4.9.cc:2486:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d backup files found \n",Bnf); data/ukopp-4.9/ukopp-4.9.cc:2508:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(editwidget,"include %s\n",RJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:2510:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(editwidget,"exclude %s\n",RJfspec[ii]); data/ukopp-4.9/ukopp-4.9.cc:2543:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rdirk,BJdirk); // start at /media/xxx/dirk/xxx/ data/ukopp-4.9/ukopp-4.9.cc:2559:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rdirk,BJdirk); // validate copy-from location data/ukopp-4.9/ukopp-4.9.cc:2586:12: [4] (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. pp = wscanf(editwidget,ftf); // next record from edit widget data/ukopp-4.9/ukopp-4.9.cc:2588:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",pp); data/ukopp-4.9/ukopp-4.9.cc:2663:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rdirk,BJdirk); // copy-from location v.3.9 data/ukopp-4.9/ukopp-4.9.cc:2691:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(editwidget,"include %s""\n",file2 + BJdcc); // omit backup mount point data/ukopp-4.9/ukopp-4.9.cc:2693:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(editwidget,"exclude %s""\n",file2 + BJdcc); data/ukopp-4.9/ukopp-4.9.cc:2712:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (! RJvalid) wprintf(mLog," *** restore job has errors \n"); data/ukopp-4.9/ukopp-4.9.cc:2715:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n copy %d files from backup: %s \n",Rnf, RJfrom); data/ukopp-4.9/ukopp-4.9.cc:2716:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," to directory: %s \n",RJto); data/ukopp-4.9/ukopp-4.9.cc:2717:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n resulting files will be the following: \n"); data/ukopp-4.9/ukopp-4.9.cc:2727:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** not within copy-from: %s \n",file1); data/ukopp-4.9/ukopp-4.9.cc:2732:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file2,RJto); data/ukopp-4.9/ukopp-4.9.cc:2733:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file2+cc2,file1+cc1); data/ukopp-4.9/ukopp-4.9.cc:2734:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",file2); data/ukopp-4.9/ukopp-4.9.cc:2738:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** %d errors \n",errs); data/ukopp-4.9/ukopp-4.9.cc:2743:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," ready \n"); // v.3.6 data/ukopp-4.9/ukopp-4.9.cc:2757:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** restore job has errors \n"); data/ukopp-4.9/ukopp-4.9.cc:2774:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dfile,RJto); // to: /destination/filespec data/ukopp-4.9/ukopp-4.9.cc:2775:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(dfile,Rrec[ii].file + ccf); data/ukopp-4.9/ukopp-4.9.cc:2776:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",dfile); data/ukopp-4.9/ukopp-4.9.cc:2778:20: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:2786:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," ready \n"); // v.3.6 data/ukopp-4.9/ukopp-4.9.cc:2803:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n Format a backup device \n"); data/ukopp-4.9/ukopp-4.9.cc:2821:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(text,diskdev[ii]); // /dev/xxxx description data/ukopp-4.9/ukopp-4.9.cc:2848:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," formatting %s with file system %s \n",device,filesys); data/ukopp-4.9/ukopp-4.9.cc:2852:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** cannot create format script file \n"); data/ukopp-4.9/ukopp-4.9.cc:2878:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," format: %s \n",crec); // print command output data/ukopp-4.9/ukopp-4.9.cc:2882:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," ready \n"); // v.3.6 data/ukopp-4.9/ukopp-4.9.cc:2893:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",ukopp_title); data/ukopp-4.9/ukopp-4.9.cc:2894:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," free software: %s \n",ukopp_license); data/ukopp-4.9/ukopp-4.9.cc:2919:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** %s \n",errmess); // mount status data/ukopp-4.9/ukopp-4.9.cc:2931:23: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (menu) wprintf(mLog," already mounted \n"); data/ukopp-4.9/ukopp-4.9.cc:2935:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** target directory not on device \n"); data/ukopp-4.9/ukopp-4.9.cc:2954:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mountdev,BJdev); // save mount poop data/ukopp-4.9/ukopp-4.9.cc:2955:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mountdirk,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:3040:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(poopfile,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:3041:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(poopfile,BD_POOPFILE); data/ukopp-4.9/ukopp-4.9.cc:3044:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** no owner/permissions file: %s \n",poopfile); data/ukopp-4.9/ukopp-4.9.cc:3069:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," set owner/perms %d:%d %04o %s \n",uid,gid,perms,file); data/ukopp-4.9/ukopp-4.9.cc:3071:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (err) wprintf(mLog," *** error: %s \n",strerror(errno)); data/ukopp-4.9/ukopp-4.9.cc:3073:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (err) wprintf(mLog," *** error: %s \n",strerror(errno)); data/ukopp-4.9/ukopp-4.9.cc:3081:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(poopfile,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:3082:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(poopfile,BD_POOPFILE); data/ukopp-4.9/ukopp-4.9.cc:3085:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** no owner/permissions file: %s \n",poopfile); data/ukopp-4.9/ukopp-4.9.cc:3113:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file2,RJto); // offset restore 'from' and 'to' paths data/ukopp-4.9/ukopp-4.9.cc:3114:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file2 + cct, file + ccf); data/ukopp-4.9/ukopp-4.9.cc:3116:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," set owner/perms %d:%d %04o %s \n",uid,gid,perms,file2); data/ukopp-4.9/ukopp-4.9.cc:3118:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (err) wprintf(mLog," *** error: %s \n",strerror(errno)); data/ukopp-4.9/ukopp-4.9.cc:3120:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (err) wprintf(mLog," *** error: %s \n",strerror(errno)); data/ukopp-4.9/ukopp-4.9.cc:3135:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dirk,Drec[ii].file); // next file on disk data/ukopp-4.9/ukopp-4.9.cc:3149:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** error: %s file: %s \n",strerror(errno),dirk); data/ukopp-4.9/ukopp-4.9.cc:3161:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pdirk,dirk); // prior = this directory data/ukopp-4.9/ukopp-4.9.cc:3163:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file,Drec[ii].file); // disk file, again data/ukopp-4.9/ukopp-4.9.cc:3167:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** error: %s file: %s \n",strerror(errno),file); data/ukopp-4.9/ukopp-4.9.cc:3180:20: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** poopfile error: %s \n",errmess); data/ukopp-4.9/ukopp-4.9.cc:3257:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** omit versioned file: %s \n",fsp); data/ukopp-4.9/ukopp-4.9.cc:3274:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** max files exceeded \n"); data/ukopp-4.9/ukopp-4.9.cc:3301:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** %s omit: %s \n",strerror(Drec[ii].err),Drec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:3339:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," disk files: %d %s \n",nfiles,formatKBMB(nbytes,3)); data/ukopp-4.9/ukopp-4.9.cc:3342:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** bug: nfiles: %d Dnf: %d \n",nfiles,Dnf); data/ukopp-4.9/ukopp-4.9.cc:3343:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," nbytes: %.0f Dbytes: %.0f \n",nbytes,Dbytes); data/ukopp-4.9/ukopp-4.9.cc:3351:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** duplicate file: %s \n",Drec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:3389:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command,"find %s -type f -or -type l >%s",BJdirk,TFbakfiles); // backup filespecs to temp file v.3.0 data/ukopp-4.9/ukopp-4.9.cc:3411:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** filespec too big, omit: %s...",bfile2); data/ukopp-4.9/ukopp-4.9.cc:3412:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n"); data/ukopp-4.9/ukopp-4.9.cc:3418:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** %s, omit: %s",strerror(errno),bfile2); data/ukopp-4.9/ukopp-4.9.cc:3419:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n"); data/ukopp-4.9/ukopp-4.9.cc:3440:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d backup files \n",Bnf); data/ukopp-4.9/ukopp-4.9.cc:3443:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** max files exceeded \n"); data/ukopp-4.9/ukopp-4.9.cc:3493:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bfile,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:3494:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bfile,Brec[bb].file); data/ukopp-4.9/ukopp-4.9.cc:3533:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** version %d missing: %s \n",vers,bfile2); data/ukopp-4.9/ukopp-4.9.cc:3549:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d files not in backup set (unknown retention) \n",noret); data/ukopp-4.9/ukopp-4.9.cc:3550:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d (%s) curr. file versions \n",Cfiles,formatKBMB(Cbytes,3)); data/ukopp-4.9/ukopp-4.9.cc:3551:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d (%s) prior file versions \n",Vfiles,formatKBMB(Vbytes,3)); data/ukopp-4.9/ukopp-4.9.cc:3552:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %6d (%s) expired prior versions \n",Pfiles,formatKBMB(Pbytes,3)); data/ukopp-4.9/ukopp-4.9.cc:3554:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command,"df -h %s",mountdirk); // v.4.2 data/ukopp-4.9/ukopp-4.9.cc:3573:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n generating restore file set \n"); data/ukopp-4.9/ukopp-4.9.cc:3582:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," include %s \n",fspec); data/ukopp-4.9/ukopp-4.9.cc:3593:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** max files exceeded \n"); data/ukopp-4.9/ukopp-4.9.cc:3599:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d files added \n",ninc); data/ukopp-4.9/ukopp-4.9.cc:3604:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," exclude %s \n",fspec); data/ukopp-4.9/ukopp-4.9.cc:3617:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d files removed \n",nexc); data/ukopp-4.9/ukopp-4.9.cc:3639:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," total file count: %d \n",Rnf); data/ukopp-4.9/ukopp-4.9.cc:3646:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** not within copy-from; %s \n",Rrec[ii].file); data/ukopp-4.9/ukopp-4.9.cc:3871:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (mpf == 1) strcpy(file1,BJdirk); // prepend mount point if req. data/ukopp-4.9/ukopp-4.9.cc:3872:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(file1,sfile); data/ukopp-4.9/ukopp-4.9.cc:3873:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (mpf == 2) strcpy(file2,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:3874:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(file2,dfile); data/ukopp-4.9/ukopp-4.9.cc:3902:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (err) wprintf(mLog,"error: %s \n",wstrerror(err)); data/ukopp-4.9/ukopp-4.9.cc:3907:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (mpf == 1) strcpy(file1,BJdirk); // refresh filespecs data/ukopp-4.9/ukopp-4.9.cc:3908:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(file1,sfile); data/ukopp-4.9/ukopp-4.9.cc:3909:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (mpf == 2) strcpy(file2,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:3910:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(file2,dfile); data/ukopp-4.9/ukopp-4.9.cc:3972:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (err) wprintf(mLog,"error: %s \n",wstrerror(err)); data/ukopp-4.9/ukopp-4.9.cc:4002:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(vfile,BJdirk); // prepend mount point data/ukopp-4.9/ukopp-4.9.cc:4003:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(vfile,dfile); data/ukopp-4.9/ukopp-4.9.cc:4083:12: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(mLog,"large block direct I/O not allowed \n %s",errmess); data/ukopp-4.9/ukopp-4.9.cc:4087:12: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(mLog,"permission denied \n %s",errmess); data/ukopp-4.9/ukopp-4.9.cc:4119:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(psep1,VSEP1); data/ukopp-4.9/ukopp-4.9.cc:4121:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(psep1+2,VSEP2); data/ukopp-4.9/ukopp-4.9.cc:4136:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fspec1,BJdirk); data/ukopp-4.9/ukopp-4.9.cc:4137:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fspec1,bakrec.file); data/ukopp-4.9/ukopp-4.9.cc:4138:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fspec2,fspec1); data/ukopp-4.9/ukopp-4.9.cc:4167:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fspec,BJdirk); // prepend backup location data/ukopp-4.9/ukopp-4.9.cc:4168:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fspec,bakrec.file); data/ukopp-4.9/ukopp-4.9.cc:4225:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dfile,file); data/ukopp-4.9/ukopp-4.9.cc:4257:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s: %s \n",pname,crec); data/ukopp-4.9/ukopp-4.9.cc:4263:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (err) wprintf(mLog," %s status: %s \n", pname, strerror(err)); data/ukopp-4.9/ukopp-4.9.cc:4264:9: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(mLog," OK \n"); data/ukopp-4.9/zfuncs.cc:210:4: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(format,arglist); data/ukopp-4.9/zfuncs.cc:237:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,200,format,arglist); data/ukopp-4.9/zfuncs.cc:260:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,400,format,arglist); data/ukopp-4.9/zfuncs.cc:278:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(command,tempfile); data/ukopp-4.9/zfuncs.cc:280:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system(command); data/ukopp-4.9/zfuncs.cc:314:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,300,format,arglist); data/ukopp-4.9/zfuncs.cc:336:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system("cat zappcrash tracedump > zappcrash2"); // combine zappcrash and tracedump data/ukopp-4.9/zfuncs.cc:337:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system("mv -f zappcrash2 zappcrash"); data/ukopp-4.9/zfuncs.cc:338:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system("xdg-open zappcrash"); // popup zappcrash text file data/ukopp-4.9/zfuncs.cc:466:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system(command); data/ukopp-4.9/zfuncs.cc:470:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system(command); data/ukopp-4.9/zfuncs.cc:493:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system(command); data/ukopp-4.9/zfuncs.cc:902:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(cbuff,cc,command,arglist); data/ukopp-4.9/zfuncs.cc:905:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system(cbuff); data/ukopp-4.9/zfuncs.cc:939:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(cbuff,cc,command,arglist); data/ukopp-4.9/zfuncs.cc:943:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system(cbuff); data/ukopp-4.9/zfuncs.cc:1007:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(command[ii],2000,Fcommand,arglist); data/ukopp-4.9/zfuncs.cc:1023:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system(command[ii]); // start command, wait until done data/ukopp-4.9/zfuncs.cc:1081:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buff,9999,command,arglist); data/ukopp-4.9/zfuncs.cc:1084:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(buff,"r"); // execute command, output to FID data/ukopp-4.9/zfuncs.cc:1133:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buff,"ps -C %s h o pid",pname); data/ukopp-4.9/zfuncs.cc:1134:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(buff,"r"); // popen() instead of system() data/ukopp-4.9/zfuncs.cc:1167:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system(xtcommand); data/ukopp-4.9/zfuncs.cc:1175:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system(xtcommand); data/ukopp-4.9/zfuncs.cc:1312:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dirk,ppath); data/ukopp-4.9/zfuncs.cc:1327:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file,pp); // file part data/ukopp-4.9/zfuncs.cc:1334:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ext,pp); // .ext part data/ukopp-4.9/zfuncs.cc:1797:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (dest != source) strcpy(dest,source); data/ukopp-4.9/zfuncs.cc:1841:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (dest != source) strcpy(dest,source); data/ukopp-4.9/zfuncs.cc:1944:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest,source); data/ukopp-4.9/zfuncs.cc:1965:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest,source); data/ukopp-4.9/zfuncs.cc:1998:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strout,strin); data/ukopp-4.9/zfuncs.cc:2034:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ftemp,strout); data/ukopp-4.9/zfuncs.cc:2111:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(work,pNum); data/ukopp-4.9/zfuncs.cc:2112:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(work+k1,pNum+k2+1); data/ukopp-4.9/zfuncs.cc:2113:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pNum,work); data/ukopp-4.9/zfuncs.cc:2148:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp,string); data/ukopp-4.9/zfuncs.cc:2559:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pstr) strcpy(pstr+1,pstr+2); data/ukopp-4.9/zfuncs.cc:2562:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pstr) strcpy(pstr+1,pstr+2); data/ukopp-4.9/zfuncs.cc:2565:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pstr) strcpy(pstr+1,pstr+2); data/ukopp-4.9/zfuncs.cc:2568:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pstr) strcpy(pstr+2,pstr+3); data/ukopp-4.9/zfuncs.cc:2571:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pstr) strcpy(pstr+2,pstr+3); data/ukopp-4.9/zfuncs.cc:2821:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command,"find \"%s\" -type f -or -type l",searchpath); // find files (ordinary, symlink) data/ukopp-4.9/zfuncs.cc:2822:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(command,"r"); data/ukopp-4.9/zfuncs.cc:2895:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command,"find \"%s\" -type f -or -type l",searchpath); // find files (ordinary, symlink) data/ukopp-4.9/zfuncs.cc:2896:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(command,"r"); data/ukopp-4.9/zfuncs.cc:3899:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,199,format,arglist); data/ukopp-4.9/zfuncs.cc:4007:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(zappname,appname); // save app name v.5.6 data/ukopp-4.9/zfuncs.cc:4014:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(zprefix,work); // /prefix data/ukopp-4.9/zfuncs.cc:4083:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(filespec,filetype); // leave /type as default data/ukopp-4.9/zfuncs.cc:4085:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (strEqu(filetype,"doc")) strcpy(filespec,zdocdir); // /usr/share/doc/appname data/ukopp-4.9/zfuncs.cc:4086:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (strEqu(filetype,"data")) strcpy(filespec,zdatadir); // /usr/share/appname/data data/ukopp-4.9/zfuncs.cc:4087:35: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (strEqu(filetype,"locale")) strcpy(filespec,zlocalesdir); // /usr/share/appname/locales data/ukopp-4.9/zfuncs.cc:4088:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (strEqu(filetype,"user")) strcpy(filespec,zuserdir); // /home/<user>/.appname data/ukopp-4.9/zfuncs.cc:4090:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filespec,zuserdir); // /home/<user>/.appname/locales data/ukopp-4.9/zfuncs.cc:4097:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fext,pp); // file type .fext data/ukopp-4.9/zfuncs.cc:4109:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filespec+cc+1,fname); // /directories.../fname data/ukopp-4.9/zfuncs.cc:4113:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp,lc_RC); // /directories.../fname-lc_RC.fext data/ukopp-4.9/zfuncs.cc:4114:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pp,fext); data/ukopp-4.9/zfuncs.cc:4118:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp+3,fext); // /directories.../fname-lc.fext data/ukopp-4.9/zfuncs.cc:4123:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pp,fext); data/ukopp-4.9/zfuncs.cc:4127:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp,fext); // /directories.../fname.fext data/ukopp-4.9/zfuncs.cc:4132:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filespec,zdocdir); // /usr/share/doc/appname/extras data/ukopp-4.9/zfuncs.cc:4236:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system("which firefox"); // use xdg-open only as last resort data/ukopp-4.9/zfuncs.cc:4239:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system("which chromium-browser"); data/ukopp-4.9/zfuncs.cc:4242:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system("which xdg-open"); data/ukopp-4.9/zfuncs.cc:4280:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(xdgcomm,"r"); // get desktop directory for user locale data/ukopp-4.9/zfuncs.cc:4285:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. int nn = fscanf(fid,"%s",dtdir); data/ukopp-4.9/zfuncs.cc:4492:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(poname,pp+1); data/ukopp-4.9/zfuncs.cc:4503:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ponamexx,poname); data/ukopp-4.9/zfuncs.cc:4504:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(poname+(pp+1-poname),zlang); // translate-en.po >> translate-xx.po data/ukopp-4.9/zfuncs.cc:4509:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(localpo,"%s/%s",ulocalesdir,poname); // final uncompressed local .po file data/ukopp-4.9/zfuncs.cc:4824:6: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void wprintf(GtkWidget *mLog, int line, cchar *format, ... ) // "printf" version data/ukopp-4.9/zfuncs.cc:4830:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,999,format,arglist); data/ukopp-4.9/zfuncs.cc:4837:6: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void wprintf(GtkWidget *mLog, cchar *format, ... ) // "printf", scrolling output data/ukopp-4.9/zfuncs.cc:4843:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,999,format,arglist); // stop overflow, remove warning data/ukopp-4.9/zfuncs.cc:4924:8: [4] (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. char * wscanf(GtkWidget *mLog, int & ftf) data/ukopp-4.9/zfuncs.cc:4989:14: [4] (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. prec = wscanf(mLog,ftf); // get text line data/ukopp-4.9/zfuncs.cc:6273:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mdesc+1,desc); data/ukopp-4.9/zfuncs.cc:8007:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(zdposn[nn].wintitle,wintitle); data/ukopp-4.9/zfuncs.cc:8157:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(zdposn[ii].wintitle,wintitle); // add window to table data/ukopp-4.9/zfuncs.cc:8245:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(wname[ii],pp1); // save widget name and data data/ukopp-4.9/zfuncs.cc:8246:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(wdata2,pp2); data/ukopp-4.9/zfuncs.cc:8485:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (mWin) wprintf(mLog," %s\n",text); data/ukopp-4.9/zfuncs.cc:8561:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,999,format,arglist); data/ukopp-4.9/zfuncs.cc:8589:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,999,format,arglist); data/ukopp-4.9/zfuncs.cc:8614:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,400,format,arglist); data/ukopp-4.9/zfuncs.cc:8649:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,400,format,arglist); data/ukopp-4.9/zfuncs.cc:8839:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptext,text); data/ukopp-4.9/zfuncs.cc:8892:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptext,text); data/ukopp-4.9/zfuncs.cc:9458:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(imagesize,100,formatsize,pwidth,pheight); // show print size in dialog data/ukopp-4.9/zfuncs.cc:9497:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(imagesize,100,formatsize,pwidth,pheight); // show print size in dialog data/ukopp-4.9/zfuncs.cc:9967:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pp) strcpy(pp+1,pfile); // in same directory as prior data/ukopp-4.9/zfuncs.cc:10031:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pp) strcpy(pp+1,pfile); // in same directory as prior data/ukopp-4.9/zfuncs.cc:10116:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(textWin," %s %.12g \n",pname,pvalue); data/ukopp-4.9/zfuncs.cc:10326:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (xcc) strcpy(xpp,string); // copy string data/ukopp-4.9/zfuncs.cc:10339:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xpp,xstr.xpp); // copy string data/ukopp-4.9/zfuncs.cc:10371:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xpp,xstr.xpp); // copy string data/ukopp-4.9/zfuncs.cc:10391:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (xcc) strcpy(xpp,str); // copy string data/ukopp-4.9/zfuncs.cc:10401:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp.xpp,x1.xpp); // with both input strings data/ukopp-4.9/zfuncs.cc:10402:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp.xpp + x1.xcc, x2.xpp); data/ukopp-4.9/zfuncs.cc:10415:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp.xpp,x1.xpp); // with both input strings data/ukopp-4.9/zfuncs.cc:10416:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (s2) strcpy(temp.xpp + x1.xcc, s2); data/ukopp-4.9/zfuncs.cc:10429:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (s1) strcpy(temp.xpp,s1); // with both input strings data/ukopp-4.9/zfuncs.cc:10430:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp.xpp + cc1, x2.xpp); data/ukopp-4.9/zfuncs.cc:10453:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xpp2,xpp); // copy to new space data/ukopp-4.9/zfuncs.cc:10488:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xpp2,xpp); // copy to new space data/ukopp-4.9/zfuncs.cc:10897:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(string,table+pos); // return string data/ukopp-4.9/zfuncs.cc:11151:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tname,name); data/ukopp-4.9/zfuncs.h:312:6: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void wprintf(GtkWidget *Win, int line, cchar *format, ...); // "printf" version data/ukopp-4.9/zfuncs.h:313:6: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void wprintf(GtkWidget *Win, cchar *format, ... ); // "printf" to next line, scroll up data/ukopp-4.9/zfuncs.h:317:8: [4] (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. char * wscanf(GtkWidget *Win, int &ftf); // get text lines from edit widget data/ukopp-4.9/ukopp-4.9.cc:452:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. home = getenv("HOME"); // get "/home/username" data/ukopp-4.9/zfuncs.cc:3759:11: [3] (random) nrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return nrand48((unsigned int16 *) seed); data/ukopp-4.9/zfuncs.cc:3772:11: [3] (random) erand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return erand48((unsigned int16 *) seed); data/ukopp-4.9/zfuncs.cc:4024:35: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. snprintf(zuserdir,199,"%s/.%s",getenv("HOME"),zappname); // /home/<username>/.appname/ data/ukopp-4.9/zfuncs.cc:4444:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pp = getenv("LANG"); // use $LANG if defined data/ukopp-4.9/zfuncs.cc:4445:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (! pp) pp = getenv("LANGUAGE"); // use $LANGUAGE if defined data/ukopp-4.9/ukopp-4.9.cc:72:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char TFbakfiles[100]; // /home/user/.ukopp/xxx temp. files data/ukopp-4.9/ukopp-4.9.cc:73:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char TFjobfile[100], TFpoopfile[100]; data/ukopp-4.9/ukopp-4.9.cc:74:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char TFdatetime[100], TFformatscript[100]; data/ukopp-4.9/ukopp-4.9.cc:78:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char diskdev[100][40]; // /dev/xxx data/ukopp-4.9/ukopp-4.9.cc:79:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char diskdesc[100][60]; // device description data/ukopp-4.9/ukopp-4.9.cc:80:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char diskmp[100][60]; // mount point, /media/xxxx data/ukopp-4.9/ukopp-4.9.cc:86:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mountdev[40]; // current mount data data/ukopp-4.9/ukopp-4.9.cc:87:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mountdirk[200]; data/ukopp-4.9/ukopp-4.9.cc:91:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char BJfilespec[maxfcc]; // backup job file data/ukopp-4.9/ukopp-4.9.cc:94:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *BJfspec[maxnx]; // filespec (wild) data/ukopp-4.9/ukopp-4.9.cc:100:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char BJdev[40] = ""; // backup device (maybe) data/ukopp-4.9/ukopp-4.9.cc:101:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char BJdirk[200] = ""; // backup target directory data/ukopp-4.9/ukopp-4.9.cc:106:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *vertype[4] = { "none","incremental","full","compare" }; // verify types data/ukopp-4.9/ukopp-4.9.cc:160:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char RJfrom[300]; // restore copy-from: /directory/.../ data/ukopp-4.9/ukopp-4.9.cc:161:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char RJto[300]; // restore copy-to: /directory/.../ data/ukopp-4.9/ukopp-4.9.cc:164:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *RJfspec[maxnx]; // filespec of include/exclude data/ukopp-4.9/ukopp-4.9.cc:245:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char menu1[20], menu2[40]; // top-menu, sub-menu data/ukopp-4.9/ukopp-4.9.cc:455:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(BJfspec[0],"# default backup job"); // comment data/ukopp-4.9/ukopp-4.9.cc:470:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(BJdirk,"/unknown"); // backup target directory, cc data/ukopp-4.9/ukopp-4.9.cc:473:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(RJfrom,"/home/"); // file restore copy-from location data/ukopp-4.9/ukopp-4.9.cc:474:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(RJto,"/home/"); // file restore copy-to location data/ukopp-4.9/ukopp-4.9.cc:496:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char button2[20], *pp; data/ukopp-4.9/ukopp-4.9.cc:513:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[100]; data/ukopp-4.9/ukopp-4.9.cc:555:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logfile[200]; data/ukopp-4.9/ukopp-4.9.cc:645:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buff, diskdev1[40], diskdesc1[60], work[100]; data/ukopp-4.9/ukopp-4.9.cc:651:15: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! err) strcpy(work,"udevadm info -e"); // new Linux command data/ukopp-4.9/ukopp-4.9.cc:652:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(work,"udevinfo -e"); // old Linux command data/ukopp-4.9/ukopp-4.9.cc:660:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (usbf) strcat(diskdesc[Ndisk]," (USB)"); // note if USB device data/ukopp-4.9/ukopp-4.9.cc:661:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(diskmp[Ndisk],"(not mounted)"); // mount point TBD data/ukopp-4.9/ukopp-4.9.cc:673:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(diskdev1,"/dev/"); data/ukopp-4.9/ukopp-4.9.cc:744:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[300]; data/ukopp-4.9/ukopp-4.9.cc:836:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *fspec, buff[1000]; data/ukopp-4.9/ukopp-4.9.cc:843:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(jobfile,"r"); // open job file data/ukopp-4.9/ukopp-4.9.cc:907:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/ukopp-4.9/ukopp-4.9.cc:910:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(jobfile,"w"); // open file data/ukopp-4.9/ukopp-4.9.cc:981:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char orgBJdev[40]; // v.4.1 data/ukopp-4.9/ukopp-4.9.cc:982:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char orgBJdirk[200]; data/ukopp-4.9/ukopp-4.9.cc:989:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[300]; data/ukopp-4.9/ukopp-4.9.cc:1057:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *fspec, text[300]; data/ukopp-4.9/ukopp-4.9.cc:1219:41: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (S_ISDIR(filestat.st_mode)) strcat(file2,"/*"); // if directory, append wildcard data/ukopp-4.9/ukopp-4.9.cc:1398:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(BJdirk,"/media"); // set a default for device data/ukopp-4.9/ukopp-4.9.cc:1474:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[100]; data/ukopp-4.9/ukopp-4.9.cc:1609:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message," %d files had backup errors \n",terrs); // repeat backup status v.4.5 data/ukopp-4.9/ukopp-4.9.cc:1613:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message," %d files had verify errors \n",terrs); // add verify status v.4.5 data/ukopp-4.9/ukopp-4.9.cc:1762:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filespec[maxfcc]; data/ukopp-4.9/ukopp-4.9.cc:1955:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fspec2[200], bfile[maxfcc]; data/ukopp-4.9/ukopp-4.9.cc:1956:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pslash, *pdirk, ppdirk[maxfcc]; data/ukopp-4.9/ukopp-4.9.cc:1957:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[100]; data/ukopp-4.9/ukopp-4.9.cc:1965:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bmod[20], dmod[20]; data/ukopp-4.9/ukopp-4.9.cc:2526:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *fspec, rdirk[300]; data/ukopp-4.9/ukopp-4.9.cc:2653:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file1, *file2, rdirk[300]; data/ukopp-4.9/ukopp-4.9.cc:2688:41: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (S_ISDIR(filestat.st_mode)) strcat(file2,"/*"); // if directory, append wildcard data/ukopp-4.9/ukopp-4.9.cc:2710:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file1, file2[maxfcc]; data/ukopp-4.9/ukopp-4.9.cc:2753:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dfile[maxfcc]; data/ukopp-4.9/ukopp-4.9.cc:2799:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[200], device[20], filesys[20], label[20], *crec; data/ukopp-4.9/ukopp-4.9.cc:2850:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(TFformatscript,"w"); data/ukopp-4.9/ukopp-4.9.cc:2909:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch, work[300]; data/ukopp-4.9/ukopp-4.9.cc:2965:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char work[200]; data/ukopp-4.9/ukopp-4.9.cc:3013:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(TFdatetime,"w"); data/ukopp-4.9/ukopp-4.9.cc:3031:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[maxfcc], file2[maxfcc]; data/ukopp-4.9/ukopp-4.9.cc:3032:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirk[maxfcc], pdirk[maxfcc]; data/ukopp-4.9/ukopp-4.9.cc:3033:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, poopfile[100]; data/ukopp-4.9/ukopp-4.9.cc:3042:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(poopfile,"r"); // open poopfile data/ukopp-4.9/ukopp-4.9.cc:3083:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(poopfile,"r"); data/ukopp-4.9/ukopp-4.9.cc:3128:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(TFpoopfile,"w"); data/ukopp-4.9/ukopp-4.9.cc:3225:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fspec+cc,"/*"); data/ukopp-4.9/ukopp-4.9.cc:3377:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[300], *pp, *psep1; data/ukopp-4.9/ukopp-4.9.cc:3378:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bfile[maxfcc], *bfile2; data/ukopp-4.9/ukopp-4.9.cc:3398:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(TFbakfiles,"r"); // read file list data/ukopp-4.9/ukopp-4.9.cc:3863:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file1[maxfcc], file2[maxfcc]; data/ukopp-4.9/ukopp-4.9.cc:3865:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp1, *pp2, buff[BIOCC]; data/ukopp-4.9/ukopp-4.9.cc:3929:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid1 = open(file1,O_RDONLY+O_NOATIME+O_LARGEFILE); // open input file data/ukopp-4.9/ukopp-4.9.cc:3932:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid2 = open(file2,O_WRONLY+O_CREAT+O_TRUNC+O_LARGEFILE,0700); // open output file data/ukopp-4.9/ukopp-4.9.cc:3993:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vfile[maxfcc], *vbuff = 0, *dbuff = 0; data/ukopp-4.9/ukopp-4.9.cc:4015:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). vfid = open(vfile,open_flagsV); // open for read, large blocks, direct I/O data/ukopp-4.9/ukopp-4.9.cc:4033:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). vfid = open(vfile,open_flagsV); // open for read, large blocks, direct I/O data/ukopp-4.9/ukopp-4.9.cc:4036:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dfid = open(dfile,open_flagsD); // disk files, use cached I/O data/ukopp-4.9/ukopp-4.9.cc:4120:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(psep1+2,"%d",vers); data/ukopp-4.9/ukopp-4.9.cc:4133:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fspec1[maxfcc], fspec2[maxfcc]; data/ukopp-4.9/ukopp-4.9.cc:4163:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fspec[maxfcc]; data/ukopp-4.9/ukopp-4.9.cc:4223:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dfile[maxfcc], *pp; data/ukopp-4.9/ukopp-4.9.cc:4249:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[500], *crec; data/ukopp-4.9/zfuncs.cc:185:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zappname[20]; // app name/version data/ukopp-4.9/zfuncs.cc:186:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zprefix[200], zdatadir[200], zdocdir[200]; // app directories data/ukopp-4.9/zfuncs.cc:187:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zicondir[200], zlocalesdir[200], zuserdir[200]; data/ukopp-4.9/zfuncs.cc:188:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zlang[8] = "en"; // "lc" or "lc_RC" data/ukopp-4.9/zfuncs.cc:189:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char JPGquality[4] = "90"; // JPG file save quality data/ukopp-4.9/zfuncs.cc:234:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/ukopp-4.9/zfuncs.cc:255:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[400], tempfile[30], command[100]; data/ukopp-4.9/zfuncs.cc:267:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(message," "); // lengthen short message data/ukopp-4.9/zfuncs.cc:271:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempfile,"/tmp/zpopup-%06d",getpid()); // write message to temp file data/ukopp-4.9/zfuncs.cc:272:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(tempfile,"w"); data/ukopp-4.9/zfuncs.cc:277:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(command,"xmessage -buttons OK:0 -center -timeout 5 -file "); // create popup with message file data/ukopp-4.9/zfuncs.cc:279:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(command," &"); // return immediately data/ukopp-4.9/zfuncs.cc:301:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[300]; data/ukopp-4.9/zfuncs.cc:326:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen("zappcrash","w"); // open zappcrash file (can hang here) data/ukopp-4.9/zfuncs.cc:391:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filebuff[50][100]; data/ukopp-4.9/zfuncs.cc:392:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char funcbuff[50][40]; data/ukopp-4.9/zfuncs.cc:435:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen("tracedump","w"); data/ukopp-4.9/zfuncs.cc:461:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1000]; data/ukopp-4.9/zfuncs.cc:465:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(command,"which gksu > /dev/null 2>&1"); // Debian data/ukopp-4.9/zfuncs.cc:467:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(command,"gksu \""); data/ukopp-4.9/zfuncs.cc:469:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(command,"which beesu > /dev/null 2>&1"); // Fedora, just to be different data/ukopp-4.9/zfuncs.cc:471:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(command,"beesu \""); data/ukopp-4.9/zfuncs.cc:490:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(command,"\" &"); // return immediately data/ukopp-4.9/zfuncs.cc:594:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/ukopp-4.9/zfuncs.cc:599:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen("/proc/self/stat","r"); data/ukopp-4.9/zfuncs.cc:658:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[1000]; data/ukopp-4.9/zfuncs.cc:659:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *pnames[20]; data/ukopp-4.9/zfuncs.cc:683:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(pfile,"r"); // open /proc/xxx file data/ukopp-4.9/zfuncs.cc:779:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(lockfile,O_RDWR|O_CREAT,0666); // open or create the lock file data/ukopp-4.9/zfuncs.cc:984:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *command[10]; data/ukopp-4.9/zfuncs.cc:1070:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[10000], *prec; data/ukopp-4.9/zfuncs.cc:1130:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100], *pp; data/ukopp-4.9/zfuncs.cc:1140:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pid = atoi(buff); data/ukopp-4.9/zfuncs.cc:1161:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtcommand[500]; data/ukopp-4.9/zfuncs.cc:1193:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buff, errmessage[200] = "missing programs:\n"; data/ukopp-4.9/zfuncs.cc:1303:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dirk[1000], file[200], ext[8]; data/ukopp-4.9/zfuncs.cc:1482:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, buff[200]; data/ukopp-4.9/zfuncs.cc:1493:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen("/proc/self/stat","r"); data/ukopp-4.9/zfuncs.cc:1559:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *retf[100]; data/ukopp-4.9/zfuncs.cc:1560:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pf1, pf2[2000]; // 2000 limit v.5.2 data/ukopp-4.9/zfuncs.cc:1563:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char blankstring[2], nullstring[1]; data/ukopp-4.9/zfuncs.cc:1623:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char delims[2] = "x"; data/ukopp-4.9/zfuncs.cc:1744:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char outstring[40]; data/ukopp-4.9/zfuncs.cc:2015:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ftemp[maxfcc]; data/ukopp-4.9/zfuncs.cc:2078:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char work[20]; data/ukopp-4.9/zfuncs.cc:2542:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ccc = sprintf(string,"%d",inum); data/ukopp-4.9/zfuncs.cc:2556:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string,"%.*g",digits,dnum); data/ukopp-4.9/zfuncs.cc:2592:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *output[100]; data/ukopp-4.9/zfuncs.cc:2791:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char matchfile[maxfcc]; data/ukopp-4.9/zfuncs.cc:2792:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchpath[maxfcc]; data/ukopp-4.9/zfuncs.cc:2793:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[maxfcc]; data/ukopp-4.9/zfuncs.cc:2865:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char matchfile[maxfcc]; data/ukopp-4.9/zfuncs.cc:2866:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchpath[maxfcc]; data/ukopp-4.9/zfuncs.cc:2867:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[maxfcc]; data/ukopp-4.9/zfuncs.cc:3896:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/ukopp-4.9/zfuncs.cc:3994:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char work[200]; data/ukopp-4.9/zfuncs.cc:3995:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logfile[200], oldlog[200]; data/ukopp-4.9/zfuncs.cc:4077:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, fname[20], fext[8]; data/ukopp-4.9/zfuncs.cc:4078:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lc_RC[8]; // -lc or -lc_RC data/ukopp-4.9/zfuncs.cc:4091:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filespec,"/locales"); data/ukopp-4.9/zfuncs.cc:4122:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,"-en"); // /directories.../fname-en.fext data/ukopp-4.9/zfuncs.cc:4133:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filespec,"/extras"); // due to Linux chaos data/ukopp-4.9/zfuncs.cc:4152:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filespec[200], url[200]; data/ukopp-4.9/zfuncs.cc:4181:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/ukopp-4.9/zfuncs.cc:4197:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filex[40], filespec[200], command[200]; data/ukopp-4.9/zfuncs.cc:4201:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filex,".gz"); data/ukopp-4.9/zfuncs.cc:4230:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char prog[20]; data/ukopp-4.9/zfuncs.cc:4237:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! err) strcpy(prog,"firefox"); // v.5.2 data/ukopp-4.9/zfuncs.cc:4240:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! err) strcpy(prog,"chromium-browser"); data/ukopp-4.9/zfuncs.cc:4243:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! err) strcpy(prog,"xdg-open"); data/ukopp-4.9/zfuncs.cc:4271:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char appname[20], dtdir[200], dtfile[200], work[200]; data/ukopp-4.9/zfuncs.cc:4294:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(dtfile,"w"); data/ukopp-4.9/zfuncs.cc:4396:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[ZTXmaxcc], *ppq1, *ppq2; data/ukopp-4.9/zfuncs.cc:4398:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Etext[ZTXmaxcc], Ttext[ZTXmaxcc]; // .po text: "line 1 %s \n" "line 2" data/ukopp-4.9/zfuncs.cc:4417:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localpo[200], installpo[200], ulocalesdir[200]; data/ukopp-4.9/zfuncs.cc:4418:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, poname[20], ponamexx[20]; data/ukopp-4.9/zfuncs.cc:4448:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(zlang,"en"); // use English data/ukopp-4.9/zfuncs.cc:4451:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (*zlang < 'a') strcpy(zlang,"en"); // use English if garbage data/ukopp-4.9/zfuncs.cc:4505:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(poname,".po"); data/ukopp-4.9/zfuncs.cc:4513:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fidr = fopen(localpo,"r"); // open .po file data/ukopp-4.9/zfuncs.cc:4648:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cleanstring[ZTXmaxcc]; data/ukopp-4.9/zfuncs.cc:4827:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/ukopp-4.9/zfuncs.cc:4840:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/ukopp-4.9/zfuncs.cc:4978:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filespec,"w"); // open file data/ukopp-4.9/zfuncs.cc:5033:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfile[50]; data/ukopp-4.9/zfuncs.cc:5333:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconpath[200]; data/ukopp-4.9/zfuncs.cc:5603:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, buff[maxText]; data/ukopp-4.9/zfuncs.cc:5618:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(menuconfigfile,"r"); // read window geometry data/ukopp-4.9/zfuncs.cc:5675:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). size = atoi(pp+5); data/ukopp-4.9/zfuncs.cc:5836:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(menuconfigfile,"w"); // open for write data/ukopp-4.9/zfuncs.cc:6079:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[maxText]; data/ukopp-4.9/zfuncs.cc:6249:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconpath[200], *mdesc, *name__; data/ukopp-4.9/zfuncs.cc:6652:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vdata[30], iconpath[200]; data/ukopp-4.9/zfuncs.cc:6838:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(vdata,"%g",val); data/ukopp-4.9/zfuncs.cc:6844:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pp = strField(data,'|',1); gdkrgba.red = f256 * atoi(pp); // RGB values are 0-1 v.5.8 data/ukopp-4.9/zfuncs.cc:6845:57: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pp = strField(data,'|',2); gdkrgba.green = f256 * atoi(pp); data/ukopp-4.9/zfuncs.cc:6846:56: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pp = strField(data,'|',3); gdkrgba.blue = f256 * atoi(pp); data/ukopp-4.9/zfuncs.cc:6897:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[8]; data/ukopp-4.9/zfuncs.cc:7059:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) gdkrgba.red = f256 * atoi(pp); // RGB range is 0-1 v.5.8 data/ukopp-4.9/zfuncs.cc:7061:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) gdkrgba.green = f256 * atoi(pp); data/ukopp-4.9/zfuncs.cc:7063:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) gdkrgba.blue = f256 * atoi(pp); data/ukopp-4.9/zfuncs.cc:7243:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sdata[20]; data/ukopp-4.9/zfuncs.cc:7323:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sdata,"%g",dval); data/ukopp-4.9/zfuncs.cc:7330:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sdata,"%.0f|%.0f|%.0f",gdkrgba.red*255,gdkrgba.green*255,gdkrgba.blue*255); data/ukopp-4.9/zfuncs.cc:7337:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sdata,"%g",dval); data/ukopp-4.9/zfuncs.cc:7467:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[1000]; data/ukopp-4.9/zfuncs.cc:7714:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[16]; data/ukopp-4.9/zfuncs.cc:7716:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string,"%d",idata); data/ukopp-4.9/zfuncs.cc:7723:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[32]; data/ukopp-4.9/zfuncs.cc:7756:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). idata = atoi(zdata); data/ukopp-4.9/zfuncs.cc:7965:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wintitle[64]; // window title (ID) data/ukopp-4.9/zfuncs.cc:7982:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char posfile[200], buff[100], wintitle[64], *pp; data/ukopp-4.9/zfuncs.cc:7991:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(posfile,"r"); data/ukopp-4.9/zfuncs.cc:8019:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(posfile,"w"); data/ukopp-4.9/zfuncs.cc:8053:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wintitle[64], *pp; data/ukopp-4.9/zfuncs.cc:8124:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wintitle[64], *pp; data/ukopp-4.9/zfuncs.cc:8199:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zdinputsfile[200], buff[200]; data/ukopp-4.9/zfuncs.cc:8200:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zdtitle[100], wname[100][100], wdata[100][200]; data/ukopp-4.9/zfuncs.cc:8201:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *pp1, *pp2, wdata2[200]; data/ukopp-4.9/zfuncs.cc:8211:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(zdinputsfile,"r"); // no file data/ukopp-4.9/zfuncs.cc:8224:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Nw = atoi(pp); data/ukopp-4.9/zfuncs.cc:8279:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(zdinputsfile,"w"); data/ukopp-4.9/zfuncs.cc:8316:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zdtitle[100], wname[100], wdata[200], *type; data/ukopp-4.9/zfuncs.cc:8491:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). secs = atoi(action+5); data/ukopp-4.9/zfuncs.cc:8551:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/ukopp-4.9/zfuncs.cc:8586:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/ukopp-4.9/zfuncs.cc:8606:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[400]; data/ukopp-4.9/zfuncs.cc:8643:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[400]; data/ukopp-4.9/zfuncs.cc:9363:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printsettingsfile[200], pagesetupfile[200]; data/ukopp-4.9/zfuncs.cc:9410:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imagesize[100]; data/ukopp-4.9/zfuncs.cc:9482:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imagesize[100]; data/ukopp-4.9/zfuncs.cc:9679:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconpath[200]; data/ukopp-4.9/zfuncs.cc:9882:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zparmfile[200]; // last used parm file data/ukopp-4.9/zfuncs.cc:9957:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100], *fgs, *pp; data/ukopp-4.9/zfuncs.cc:9971:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(pfile,"r"); data/ukopp-4.9/zfuncs.cc:10035:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(pfile,"w"); data/ukopp-4.9/zfuncs.cc:10132:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ptemp[20], *pname; data/ukopp-4.9/zfuncs.cc:10179:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ptemp,"%.12g",parmlist.value[ii]); data/ukopp-4.9/zfuncs.cc:10956:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(wmi,"queue"); data/ukopp-4.9/zfuncs.h:625:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wmi[8]; data/ukopp-4.9/ukopp-4.9.cc:469:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(BJdev,""); // backup target device (maybe) data/ukopp-4.9/ukopp-4.9.cc:471:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). BJdcc = strlen(BJdirk); data/ukopp-4.9/ukopp-4.9.cc:674:10: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(diskdev1,buff+3,14); // save /dev/devid data/ukopp-4.9/ukopp-4.9.cc:1287:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp2 = pp1 + strlen(pp1); data/ukopp-4.9/ukopp-4.9.cc:1308:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp2 = pp1 + strlen(pp1); data/ukopp-4.9/ukopp-4.9.cc:1372:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). BJdcc = strlen(BJdirk); data/ukopp-4.9/ukopp-4.9.cc:1402:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). BJdcc = strlen(BJdirk); // set target directory cc data/ukopp-4.9/ukopp-4.9.cc:1434:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(diskmp[ii]); data/ukopp-4.9/ukopp-4.9.cc:2544:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(rdirk,RJfrom,299); data/ukopp-4.9/ukopp-4.9.cc:2560:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(rdirk,RJfrom,299); // /media/xxx/dirk/... data/ukopp-4.9/ukopp-4.9.cc:2568:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(RJfrom); // insure '/' at end data/ukopp-4.9/ukopp-4.9.cc:2569:29: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (RJfrom[cc-1] != '/') strcat(RJfrom,"/"); data/ukopp-4.9/ukopp-4.9.cc:2581:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(RJto); // insure '/' at end data/ukopp-4.9/ukopp-4.9.cc:2582:27: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (RJto[cc-1] != '/') strcat(RJto,"/"); data/ukopp-4.9/ukopp-4.9.cc:2664:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(rdirk,RJfrom,299); // /media/xxx/dirk/... data/ukopp-4.9/ukopp-4.9.cc:2665:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rdcc = strlen(rdirk); data/ukopp-4.9/ukopp-4.9.cc:2719:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(RJfrom); // from: /dirk/xxx/.../ data/ukopp-4.9/ukopp-4.9.cc:2720:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(RJto); // to: /dirk/yyy/.../ data/ukopp-4.9/ukopp-4.9.cc:2770:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ccf = strlen(RJfrom); // from: /media/xxx/filespec data/ukopp-4.9/ukopp-4.9.cc:2926:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(diskmp[ii]); data/ukopp-4.9/ukopp-4.9.cc:3010:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(dt2); data/ukopp-4.9/ukopp-4.9.cc:3056:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(file); data/ukopp-4.9/ukopp-4.9.cc:3089:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ccf = strlen(RJfrom); data/ukopp-4.9/ukopp-4.9.cc:3090:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cct = strlen(RJto); data/ukopp-4.9/ukopp-4.9.cc:3099:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(file); data/ukopp-4.9/ukopp-4.9.cc:3223:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(fspec) - 1; // (BJfspec has the extra length) data/ukopp-4.9/ukopp-4.9.cc:3248:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fcc = strlen(fsp); data/ukopp-4.9/ukopp-4.9.cc:3396:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gcc = strlen(BD_UKOPPDIRK); // directory for ukopp special files data/ukopp-4.9/ukopp-4.9.cc:3409:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fcc = strlen(bfile2); data/ukopp-4.9/ukopp-4.9.cc:3453:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fcc = strlen(bfile2); data/ukopp-4.9/ukopp-4.9.cc:3641:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(RJfrom); // copy from: /dirk/.../ data/ukopp-4.9/ukopp-4.9.cc:3941:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rcc = read(fid1,buff,BIOCC); // read huge blocks data/ukopp-4.9/ukopp-4.9.cc:4023:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). vcc = read(vfid,vbuff,BIOCC); data/ukopp-4.9/ukopp-4.9.cc:4046:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). vcc = read(vfid,vbuff,BIOCC); // read two files data/ukopp-4.9/ukopp-4.9.cc:4049:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dcc = read(dfid,dbuff,BIOCC); data/ukopp-4.9/ukopp-4.9.cc:4104:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fcc = strlen(filespec); data/ukopp-4.9/ukopp-4.9.cc:4123:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return fcc + strlen(psep1); data/ukopp-4.9/zfuncs.cc:223:4: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/ukopp-4.9/zfuncs.cc:242:4: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/ukopp-4.9/zfuncs.cc:265:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(message); data/ukopp-4.9/zfuncs.cc:419:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&filebuff[ii][0],file,99); data/ukopp-4.9/zfuncs.cc:420:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&funcbuff[ii][0],func,39); data/ukopp-4.9/zfuncs.cc:478:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(command); // gksu (or) beesu data/ukopp-4.9/zfuncs.cc:690:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fcc = strlen(pnames[ii]); data/ukopp-4.9/zfuncs.cc:898:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(command) + 1000; data/ukopp-4.9/zfuncs.cc:935:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(command) + 1000; data/ukopp-4.9/zfuncs.cc:1250:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(buff); data/ukopp-4.9/zfuncs.cc:1309:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(ppath); data/ukopp-4.9/zfuncs.cc:1325:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) > 199) return 1; // filename too long data/ukopp-4.9/zfuncs.cc:1332:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) > 7) return 0; // file part, no .ext data/ukopp-4.9/zfuncs.cc:1572:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(blankstring," "); data/ukopp-4.9/zfuncs.cc:1746:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). incc = strlen(instring); data/ukopp-4.9/zfuncs.cc:1772:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest,source,cc); data/ukopp-4.9/zfuncs.cc:1774:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(source) >= cc) return 1; // truncated data/ukopp-4.9/zfuncs.cc:1785:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest,source,cc); data/ukopp-4.9/zfuncs.cc:1786:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ii = strlen(source); data/ukopp-4.9/zfuncs.cc:1803:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ii = strlen(dest); data/ukopp-4.9/zfuncs.cc:1820:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp2 = source + strlen(source) - 1; data/ukopp-4.9/zfuncs.cc:1876:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxcc = maxcc - strlen(dest) - 1; data/ukopp-4.9/zfuncs.cc:1883:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(dest,ps,maxcc); data/ukopp-4.9/zfuncs.cc:1884:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxcc = maxcc - strlen(ps); data/ukopp-4.9/zfuncs.cc:1982:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(ssin); data/ukopp-4.9/zfuncs.cc:1983:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(ssout); data/ukopp-4.9/zfuncs.cc:1990:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(strout,strin,ccc); data/ukopp-4.9/zfuncs.cc:1993:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(strout,ssout,cc2); data/ukopp-4.9/zfuncs.cc:2054:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! ccin) ccin = strlen(in); data/ukopp-4.9/zfuncs.cc:2080:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pNum); data/ukopp-4.9/zfuncs.cc:2133:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cc = strlen(string); data/ukopp-4.9/zfuncs.cc:2147:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *pp = (char *) malloc(strlen(string)+1+more); data/ukopp-4.9/zfuncs.cc:2244:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(utf8out,utf8in+ii,kk); data/ukopp-4.9/zfuncs.cc:2573:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cc) *cc = strlen(string); data/ukopp-4.9/zfuncs.cc:2808:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(wpath); data/ukopp-4.9/zfuncs.cc:2838:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(matchfile); // get rid of trailing \n data/ukopp-4.9/zfuncs.cc:2882:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(wpath); data/ukopp-4.9/zfuncs.cc:2912:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(matchfile); // get rid of trailing \n data/ukopp-4.9/zfuncs.cc:3031:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(seekrec); data/ukopp-4.9/zfuncs.cc:4025:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(zuserdir); // stop humongous username v.5.3 data/ukopp-4.9/zfuncs.cc:4107:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(filespec); data/ukopp-4.9/zfuncs.cc:4110:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(filespec); // | data/ukopp-4.9/zfuncs.cc:4563:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(Ttext) < 3) // translation is "" (quotes included) data/ukopp-4.9/zfuncs.cc:4680:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) == 0) pp = english; // translation is "" v.5.6 data/ukopp-4.9/zfuncs.cc:4703:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tstring[ii]) == 0) break; // translation is "" v.5.6 data/ukopp-4.9/zfuncs.cc:4992:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(prec); data/ukopp-4.9/zfuncs.cc:5121:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(ztext); data/ukopp-4.9/zfuncs.cc:5653:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp+5) > 0) data/ukopp-4.9/zfuncs.cc:5659:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp+5)) menus[me].func = strdup(pp+5); data/ukopp-4.9/zfuncs.cc:5664:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp+5)) { data/ukopp-4.9/zfuncs.cc:5759:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text2 = (char *) malloc(strlen(text)+2); // replace "\n" with newline data/ukopp-4.9/zfuncs.cc:5863:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp = pxbfile + strlen(pxbfile); // create a local PNG file for pixbuf data/ukopp-4.9/zfuncs.cc:6270:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(desc); // v.5.6 data/ukopp-4.9/zfuncs.cc:6274:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mdesc+cc1+1," "); data/ukopp-4.9/zfuncs.cc:6325:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(name); // prepare menu name with trailing blanks data/ukopp-4.9/zfuncs.cc:7490:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(text); data/ukopp-4.9/zfuncs.cc:7492:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(text+cc,cliptext,999-cc); // add clipboard text data/ukopp-4.9/zfuncs.cc:8001:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 64) continue; data/ukopp-4.9/zfuncs.cc:8004:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(wintitle) < 3) continue; data/ukopp-4.9/zfuncs.cc:8090:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 2) return; data/ukopp-4.9/zfuncs.cc:8150:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 2) return; data/ukopp-4.9/zfuncs.cc:8241:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(pp2); data/ukopp-4.9/zfuncs.cc:8379:12: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(wdata,""); data/ukopp-4.9/zfuncs.cc:8837:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(text); // construct popup window data/ukopp-4.9/zfuncs.cc:8890:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(text); // construct popup window data/ukopp-4.9/zfuncs.cc:9178:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(file1) >= maxfcc) data/ukopp-4.9/zfuncs.cc:9574:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(file); data/ukopp-4.9/zfuncs.cc:9602:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = (char *) malloc(strlen(inp)+1); data/ukopp-4.9/zfuncs.cc:10067:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(parmname); data/ukopp-4.9/zfuncs.cc:10319:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (string) xcc = strlen(string); // string length data/ukopp-4.9/zfuncs.cc:10381:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (str) xcc = strlen(str); data/ukopp-4.9/zfuncs.cc:10413:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s2) cc2 = strlen(s2); data/ukopp-4.9/zfuncs.cc:10427:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s1) cc1 = strlen(s1); data/ukopp-4.9/zfuncs.cc:10441:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int scc = strlen(string); data/ukopp-4.9/zfuncs.cc:10467:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(xpp+pos,string,scc); // insert string, without null data/ukopp-4.9/zfuncs.cc:10479:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int scc = strlen(string); data/ukopp-4.9/zfuncs.cc:10499:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(xpp+pos,string,scc); // insert string, without null data/ukopp-4.9/zfuncs.cc:10518:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (xcc != (int) strlen(xpp)) zappcrash("xstring xcc != strlen(xpp)",null); data/ukopp-4.9/zfuncs.cc:10811:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(table+pos,string,cc); // insert new string data/ukopp-4.9/zfuncs.cc:11009:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000); // sleep in 1 millisec. steps data/ukopp-4.9/zfuncs.cc:11148:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cc = strlen(name); ANALYSIS SUMMARY: Hits = 754 Lines analyzed = 16305 in approximately 0.47 seconds (34437 lines/second) Physical Source Lines of Code (SLOC) = 10893 Hits@level = [0] 94 [1] 118 [2] 222 [3] 6 [4] 396 [5] 12 Hits@level+ = [0+] 848 [1+] 754 [2+] 636 [3+] 414 [4+] 408 [5+] 12 Hits/KSLOC@level+ = [0+] 77.8482 [1+] 69.2188 [2+] 58.3861 [3+] 38.0061 [4+] 37.4552 [5+] 1.10162 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.