Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/uw-imap-2007f~dfsg/tools/uahelper.c
Examining data/uw-imap-2007f~dfsg/src/charset/gb_2312.c
Examining data/uw-imap-2007f~dfsg/src/charset/ksc_5601.c
Examining data/uw-imap-2007f~dfsg/src/charset/big5.c
Examining data/uw-imap-2007f~dfsg/src/charset/koi8_u.c
Examining data/uw-imap-2007f~dfsg/src/charset/cns11643.c
Examining data/uw-imap-2007f~dfsg/src/charset/windows.c
Examining data/uw-imap-2007f~dfsg/src/charset/jis_0208.c
Examining data/uw-imap-2007f~dfsg/src/charset/koi8_r.c
Examining data/uw-imap-2007f~dfsg/src/charset/gb_12345.c
Examining data/uw-imap-2007f~dfsg/src/charset/decomtab.c
Examining data/uw-imap-2007f~dfsg/src/charset/tis_620.c
Examining data/uw-imap-2007f~dfsg/src/charset/tmap.c
Examining data/uw-imap-2007f~dfsg/src/charset/widths.c
Examining data/uw-imap-2007f~dfsg/src/charset/iso_8859.c
Examining data/uw-imap-2007f~dfsg/src/charset/ibm.c
Examining data/uw-imap-2007f~dfsg/src/charset/viscii.c
Examining data/uw-imap-2007f~dfsg/src/charset/jis_0212.c
Examining data/uw-imap-2007f~dfsg/src/imapd/imapd.c
Examining data/uw-imap-2007f~dfsg/src/ansilib/memset.c
Examining data/uw-imap-2007f~dfsg/src/ansilib/strpbrk.c
Examining data/uw-imap-2007f~dfsg/src/ansilib/strstr.c
Examining data/uw-imap-2007f~dfsg/src/ansilib/memmove.c
Examining data/uw-imap-2007f~dfsg/src/ansilib/strtok.c
Examining data/uw-imap-2007f~dfsg/src/ansilib/memmove2.c
Examining data/uw-imap-2007f~dfsg/src/ansilib/strtoul.c
Examining data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c
Examining data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_dpc.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_dbw.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_wsk.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnf.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/write.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/ftl_dos.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_dpc.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/fdstring.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnv.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/fs_dos.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_dbw.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/nl_dos.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/fdstring.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_wsk.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_dwa.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnf.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/dummy.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnv.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/os_dwa.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.h
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/pmatch.c
Examining data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.h
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/write.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/scandir.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/os_ami.h
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/fdstring.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/gethstid.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/ftl_ami.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.h
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.h
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/ssl_none.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/nl_ami.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/os_ami.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/pseudo.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/ckp_std.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/tz_bsd.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/fdstring.h
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/gr_waitp.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/log_std.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/fs_ami.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/pseudo.h
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.h
Examining data/uw-imap-2007f~dfsg/src/osdep/amiga/pmatch.c
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/ftl_mac.c
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/linkage.c
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/os_mac.h
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/fs_mac.c
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.c
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/nl_mac.c
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/osdep.h
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.h
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.h
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/linkage.h
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/os_mac.c
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/dummy.h
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/dummymac.c
Examining data/uw-imap-2007f~dfsg/src/osdep/mac/pmatch.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_mit.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.h
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/os_nt.h
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/os_old.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/write.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/os_ntk.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/ip4_nt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/mailfile.h
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/fdstring.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.h
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_none.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/pseudo.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/os_w2k.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/ftl_nt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.h
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/fdstring.h
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.h
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/nl_nt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/fs_nt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/pseudo.h
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/dummy.h
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/os_nt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/nt/pmatch.c
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/os_wce.c
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/nl_wce.c
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.h
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/dummywce.c
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/fs_wce.c
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/os_wce.h
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/dummy.h
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/ftl_wce.c
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/pmatch.c
Examining data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.h
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/os_vms.c
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/dummyvms.c
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/ftl_vms.c
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/linkage.c
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.h
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vms.h
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/os_vms.h
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/fs_vms.c
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.c
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsn.c
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/nl_vms.c
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/linkage.h
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/dummy.h
Examining data/uw-imap-2007f~dfsg/src/osdep/vms/pmatch.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.h
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/os_os2.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.h
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/write.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/os_os2.h
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/ftl_os2.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/nl_os2.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.h
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/pseudo.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/pseudo.h
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/dummy.h
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/fs_os2.c
Examining data/uw-imap-2007f~dfsg/src/osdep/os2/pmatch.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sc5.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_nto.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_cyg.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_ptx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sgi.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_aos.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/nl_unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sos.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_isc.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_nul.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/kerb_mit.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_hpp.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sos.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_gss.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_os4.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/fs_unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/log_os4.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sol.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/flockcyg.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_aix.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/sig_psx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_cvx.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sc5.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_os4.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/write.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/log_bsi.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_lnx.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/getspnam.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/scandir.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_vu2.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_drs.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_a41.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ipo_unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_asv.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_os4.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_ult.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_ult.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_ptx.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_a52.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_dyn.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_bsf.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_osx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_ult.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_3rd.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sun.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_a41.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/crx_std.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_pyr.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_d-g.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_shp.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_dce.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_lyn.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sco.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/fdstring.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_do4.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/gethstid.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_aos.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_mct.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_aix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/unix.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/log_sv4.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_nxt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/log_sec.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv2.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_2nd.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sco.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_1st.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_sv4.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_mnt.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/setpgrp.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_none.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/gr_wait.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_s40.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_mnt.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_sec.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv2.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_asv.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_osx.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_aux.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_aux.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_psx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_drs.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_a52.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sgi.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_pam.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/flockcyg.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/pseudo.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_std.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv4.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/truncate.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_mct.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/gr_wait4.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/fsync.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sua.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_bsi.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/rename.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_bsi.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_slx.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_cyg.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_hpp.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_a32.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_bsd.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/opendir.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/news.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ftl_unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/tz_bsd.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_osf.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_ssn.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sua.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/tz_sv4.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_soln.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_d-g.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/crx_nfs.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_pyr.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_isc.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_bsf.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/fdstring.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_cyg.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_pmb.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_lyn.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/gr_waitp.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sun.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_qnx.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_bsd.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_afs.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/log_std.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_cvx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_sce.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_art.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/sig_bsd.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_dyn.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/sig_sv4.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_svo.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_bsi.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/strerror.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_osf.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_shp.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/log_old.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_s40.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_a32.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_do4.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_vu2.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/pseudo.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_solo.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/tz_nul.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/sslstdio.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_art.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_nxt.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ip4_unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_qnx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv4.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_nto.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/pmatch.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_a41.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.h
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/utime.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/log_cyg.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/flocklnx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_lnx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/os_slx.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/fs_t20.c
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/env_t20.c
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/shortsym.h
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/os_t20.c
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/linkage.c
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/log_t20.c
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/dummyt20.c
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.h
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/os_t20.h
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/env_t20.h
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/nl_t20.c
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/linkage.h
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/ftl_t20.c
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/dummy.h
Examining data/uw-imap-2007f~dfsg/src/osdep/tops-20/pmatch.c
Examining data/uw-imap-2007f~dfsg/src/mtest/mtest.c
Examining data/uw-imap-2007f~dfsg/src/c-client/utf8.h
Examining data/uw-imap-2007f~dfsg/src/c-client/c-client.h
Examining data/uw-imap-2007f~dfsg/src/c-client/utf8.c
Examining data/uw-imap-2007f~dfsg/src/c-client/rfc822.h
Examining data/uw-imap-2007f~dfsg/src/c-client/sslio.h
Examining data/uw-imap-2007f~dfsg/src/c-client/flstring.c
Examining data/uw-imap-2007f~dfsg/src/c-client/env.h
Examining data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c
Examining data/uw-imap-2007f~dfsg/src/c-client/smtp.h
Examining data/uw-imap-2007f~dfsg/src/c-client/rfc822.c
Examining data/uw-imap-2007f~dfsg/src/c-client/auth_ext.c
Examining data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c
Examining data/uw-imap-2007f~dfsg/src/c-client/misc.c
Examining data/uw-imap-2007f~dfsg/src/c-client/flstring.h
Examining data/uw-imap-2007f~dfsg/src/c-client/newsrc.c
Examining data/uw-imap-2007f~dfsg/src/c-client/fs.h
Examining data/uw-imap-2007f~dfsg/src/c-client/auth_pla.c
Examining data/uw-imap-2007f~dfsg/src/c-client/nl.h
Examining data/uw-imap-2007f~dfsg/src/c-client/pop3.c
Examining data/uw-imap-2007f~dfsg/src/c-client/utf8aux.c
Examining data/uw-imap-2007f~dfsg/src/c-client/smanager.c
Examining data/uw-imap-2007f~dfsg/src/c-client/misc.h
Examining data/uw-imap-2007f~dfsg/src/c-client/auth_log.c
Examining data/uw-imap-2007f~dfsg/src/c-client/nntp.c
Examining data/uw-imap-2007f~dfsg/src/c-client/smtp.c
Examining data/uw-imap-2007f~dfsg/src/c-client/tcp.h
Examining data/uw-imap-2007f~dfsg/src/c-client/utf8aux.h
Examining data/uw-imap-2007f~dfsg/src/c-client/newsrc.h
Examining data/uw-imap-2007f~dfsg/src/c-client/ftl.h
Examining data/uw-imap-2007f~dfsg/src/c-client/nntp.h
Examining data/uw-imap-2007f~dfsg/src/c-client/netmsg.c
Examining data/uw-imap-2007f~dfsg/src/c-client/netmsg.h
Examining data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c
Examining data/uw-imap-2007f~dfsg/src/c-client/imap4r1.h
Examining data/uw-imap-2007f~dfsg/src/c-client/mail.h
Examining data/uw-imap-2007f~dfsg/src/c-client/mail.c
Examining data/uw-imap-2007f~dfsg/src/tmail/tquota.h
Examining data/uw-imap-2007f~dfsg/src/tmail/tquota.c
Examining data/uw-imap-2007f~dfsg/src/tmail/tmail.c
Examining data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c
Examining data/uw-imap-2007f~dfsg/src/mlock/mlock.c
Examining data/uw-imap-2007f~dfsg/src/dmail/dquota.c
Examining data/uw-imap-2007f~dfsg/src/dmail/dmail.c
Examining data/uw-imap-2007f~dfsg/src/dmail/dquota.h
FINAL RESULTS:
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:129:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (hitch,LOCKPROTECTION);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:622:3: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets (txt);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:818:10: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
while (gets (line)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:885:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (base->lock,(int) lock_protection);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:913:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (base->lock,(int) lock_protection);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1110:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (lock,(int) lock_protection);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1189:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (path,mode); /* set the new protection, ignore failure */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:652:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (LOCAL->lname,(long) mail_parameters (NIL,GET_LOCKPROTECTION,NIL));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:513:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (LOCAL->lname,(long) mail_parameters (NIL,GET_LOCKPROTECTION,NIL));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1167:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (base->lock,(int) dotlock_mode);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1185:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (base->lock,(int) dotlock_mode);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1394:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (lock,shlock_mode); /* make sure mode OK (don't use fchmod()) */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1473:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (path,mode); /* set the new protection, ignore failure */
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:652:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (LOCAL->lname,(long) mail_parameters (NIL,GET_LOCKPROTECTION,NIL));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:513:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (LOCAL->lname,(long) mail_parameters (NIL,GET_LOCKPROTECTION,NIL));
data/uw-imap-2007f~dfsg/src/c-client/auth_ext.c:65:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ((*responder) (stream,strcpy (user,mb->user),strlen (mb->user))) {
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:55:25: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
#define SERVER_LOG(x,y) syslog (LOG_ALERT,x,y)
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:68:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s@%s",(char *) mail_parameters (NIL,GET_SERVICENAME,NIL),
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:144:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s@%s",service,mb->host);
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:207:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp+4,strcpy (user,mb->user[0] ? mb->user : myusername ()));
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:207:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp+4,strcpy (user,mb->user[0] ? mb->user : myusername ()));
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:221:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unknown gss_wrap failure: %s",(char *) resp.value);
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:230:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"GSSAPI mechanism status: %s",(char *) resp.value);
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:251:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Kerberos credentials expired (try running kinit) for %s",
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:271:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,kerberos_try_kinit (smn) ?
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:286:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unknown GSSAPI failure: %s",(char *) resp.value);
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:295:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"GSSAPI mechanism status: %s",(char *) resp.value);
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:331:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s@%s",(char *) mail_parameters (NIL,GET_SERVICENAME,NIL),
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:152:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (chal,"<%lu.%lu@%s>",(unsigned long) getpid (),
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:506:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (ref && *ref) sprintf (mbx,"%s%s",ref,pat);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:507:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (mbx,pat);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:576:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (ref && *ref) sprintf (mbx,"%s%s",ref,pat);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:577:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (mbx,pat);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:773:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (strchr (strcpy (tmp,stream->mailbox),'}') + 1,mb.mailbox);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:773:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (strchr (strcpy (tmp,stream->mailbox),'}') + 1,mb.mailbox);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:807:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Reusing connection to %s",net_host (LOCAL->netstream));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:808:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:955:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"{%s",(long) mail_parameters (NIL,GET_TRUSTDNS,NIL) ?
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:971:24: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:985:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,mb.mailbox);/* mailbox name */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1076:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s AUTHENTICATE ANONYMOUS",tag);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1125:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Retrying using %s authentication after %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1134:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Retrying %s authentication after %.80s",at->name,lsterr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1141:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s AUTHENTICATE %s",tag,at->name);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1572:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (imap_extrahdrs) sprintf (tmp + strlen (tmp)," %s %s %s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1575:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (tmp + strlen (tmp)," %s %s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1581:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,LEVELIMAP4 (stream) ? " BODYSTRUCTURE" : " BODY");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1807:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"[NOTIMAP4REV1] IMAP%s server can't do extended body fetch",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1813:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"[NOTIMAP4REV1] IMAP%s server can't do partial fetch",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1818:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp,"[NOTIMAP4REV1] IMAP%s server can't do selective header fetch",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1830:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,nopeek ? /* only babble if \Seen not set */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3017:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (CMDBASE,"%s %s",tag,cmd);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3630:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (*s," %s %d-%s-%d",name,date & 0x1f,
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3673:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = (char *) fs_get ((i = strlen (string) + 2) + 1),
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4129:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (strncpy (LOCAL->tmp,stream->mailbox,i) + i,t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4166:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = LOCAL->tmp,"%s%s",LOCAL->prefix,(char *) t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4413:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (t = LOCAL->tmp,"%s%s",LOCAL->prefix,(char *) reply->text);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4875:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->tmp,/* yes, must be bad syntax */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5819:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*s) strcpy (rs,s); /* write remainder of sequence */
data/uw-imap-2007f~dfsg/src/c-client/mail.c:673:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't %s with such a name",purpose);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:691:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't %s %.80s: %s",purpose,mailbox,(*mailbox == '{') ?
data/uw-imap-2007f~dfsg/src/c-client/mail.c:711:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (host) strcpy (host,mb.host);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:712:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mailbox) strcpy (mailbox,mb.mailbox);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:755:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mb->mailbox,t+1); /* set mailbox name */
data/uw-imap-2007f~dfsg/src/c-client/mail.c:793:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
lcase (strcpy (mb->service,v));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:795:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mb->user,v);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:797:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
!*mb->authuser) strcpy (mb->authuser,v);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:829:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
lcase (strcpy (mb->service,s));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:847:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!*mb->service) strcpy (mb->service,service);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1002:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't create %.80s: %s",mailbox,(*mailbox == '{') ?
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1014:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't create %s: %.80s",s,mailbox);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1094:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename to %s: %.80s",s,newname);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1747:32: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (section && *section) sprintf (tmp,"%s.HEADER",section);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1827:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s.TEXT",section);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1888:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s.MIME",section);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1944:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!strcmp (s = strcpy (tmp,section),"0") ||
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2027:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s.TEXT",section);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2450:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
s += strlen (s)) sprintf (s," %s",f);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2472:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to move message %lu from %s mailbox",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2597:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't append %.80s: %s",mailbox,(*mailbox == '{') ?
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2602:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (lcase (strcpy (tmp,mailbox)),"#driver.",8)) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2766:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string,"%2d-%s-%d %02d:%02d:%02d %c%02d%02d",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2793:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string,fmt,days[(int) (d + 2 + ((7 + 31 * m) / 12)
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2856:64: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (s && *s && (strlen (s) < (size_t)MAILTMPLEN)) s = ucase (strcpy (tmp,s));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3725:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sect,"%s%lu",prefix ? prefix : "",section++);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3939:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Search botch, mbx = %.80s, %s = %lu[%.80s]",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4939:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s.%lx.%lx@%s",stream->mailbox,stream->uid_validity,
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5164:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ret = (char *) fs_get (strlen (adr->mailbox) +
data/uw-imap-2007f~dfsg/src/c-client/misc.c:78:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return string ? strcpy ((char *) fs_get (1 + strlen (string)),string) : NIL;
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:49:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,fmt,text);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:128:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,(j == k) ? "%c%ld" : "%c%ld-%ld",c,j,k);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:136:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,(j == k) ? "%c%ld" : "%c%ld-%ld",c,j,k);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:158:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*(lcl = strcpy (name,pattern)) == '{') lcl = strchr (lcl,'}') + 1;
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:344:24: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (!(bf = fopen ((strcat (strcpy (backup,newsrc),OLDFILESUFFIX)),"wb"))) {
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:344:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!(bf = fopen ((strcat (strcpy (backup,newsrc),OLDFILESUFFIX)),"wb"))) {
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:239:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mb.mailbox[0] != '#') strcpy (mbx,mb.mailbox);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:243:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(mb.mailbox[5] == '.')) strcpy (mbx,mb.mailbox+6);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:351:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*(lcl = strchr (strcpy (name,pattern),'}') + 1) == '#') lcl += 6;
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:360:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (lcl,s); /* make full form of name */
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:394:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (ref && *ref) sprintf (mbx,"%s%s",ref,pat);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:395:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (mbx,pat);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:416:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pattern,ref); /* copy reference to pattern */
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:418:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*pat == '#') strcpy (strchr (pattern,'}') + 1,pat);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:421:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (pattern,pat + 1); /* append, omitting one of the period */
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:422:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else strcat (pattern,pat); /* anything else is just appended */
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:424:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (pattern,pat); /* just have basic name */
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:517:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Invalid NNTP name %s",mbx);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:659:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Reusing connection to %s",net_host (nstream->netstream));
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:680:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
hostlist[0] = strcpy (tmp,mb.host);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:690:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (mb.user[0]) sprintf (tmp + strlen (tmp),"/user=\"%s\"",mb.user);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:731:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,newsrc);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:734:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
lcase (strcpy (s,(long) mail_parameters (NIL,GET_NEWSRCCANONHOST,NIL) ?
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:744:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"{%s:%lu/nntp",(long) mail_parameters (NIL,GET_TRUSTDNS,NIL) ?
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:755:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"",LOCAL->user);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:757:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (tmp + strlen (tmp),"}#news.%s",mbx);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:804:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Newsgroup %s is empty",mbx);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:921:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,(i == (j - 1)) ? "%lu" : "%lu-%lu",mail_uid (stream,i),
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1912:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path,"Path: %s!%s\015\012",net_localhost (stream->netstream),
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1976:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (args) sprintf (s,"%s %s",command,args);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1977:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (s,command);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2031:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Retrying using %s authentication after %.80s",
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2040:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Retrying %s authentication after %.80s",at->name,lsterr);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2198:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (stream->reply,"%ld %s",NNTPSOFTFATAL,text);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:249:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (strchr (strcpy (tmp,ref),'}')+1,"INBOX");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:254:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (strchr (strcpy (tmp,pat),'}')+1,"INBOX");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:276:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (ref && *ref) sprintf (mbx,"%s%s",ref,pat);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:277:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (mbx,pat);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:431:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp + strlen (tmp),"/user=\"%s\"}%s",usr,mb.mailbox);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:623:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pwd,"Retrying %s authentication after %.80s",at->name,t);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:1043:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (args) sprintf (s,"%s %s",command,args);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:1044:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (s,command);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:748:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,s,string);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:957:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (adl + adllen - 1,",@%s",s);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:960:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (adl = (char *) fs_get (i),"@%s",s);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1034:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (v = (char *) fs_get (strlen (adr->mailbox) + strlen (s) + 2),
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1112:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (v = (char *) fs_get (strlen (ret) + strlen (s) + 2),
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:253:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%sSMTP authentication not available: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:296:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Retrying using %s authentication after %.80s",
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:305:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Retrying %s authentication after %.80s",at->name,lsterr);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:440:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"{%.200s/smtp%s}<none>",
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:460:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp + strlen (tmp),"@%s",env->return_path->host);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:475:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,ESMTP.dsn.full ? " RET=FULL" : " RET=HDRS");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:567:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp + strlen (tmp),"@%s>",adr->host);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:620:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (args) sprintf (s,"%s %s",command,args);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:621:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (s,command);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:674:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"EHLO %s",host); /* build the complete command */
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:766:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (stream->reply,"%ld %s",code,text);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:265:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path,sysinbox ());/* use system INBOX */
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:273:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"#driver.%s/INBOX",ds->dtb->name);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:327:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path,sysinbox ()); /* use system INBOX for unix and MMDF */
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:340:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"#driver.%s/INBOX",ds->dtb->name);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:391:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s appending to %.80s (%s %.80s)",
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:427:26: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (lstat (path,sbuf)) strcat (tmp,strerror (errno));
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:406:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,response,t ? (char *) cmdbuf : "*");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:526:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (msg,"%s %s",cmd,s);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:622:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (u,v);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1420:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,response,lstref ? "*" : tag);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1427:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,response,tag);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1437:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,response,tag);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1472:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,response,tag,cmd,lasterror ());
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2897:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"BODY[%s.MIME]",ta->section);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2927:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"BODY[%s]",ta->section ? ta->section : "");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3007:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"BINARY.SIZE[%s] %lu",ta->section ? ta->section : "",
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3016:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"BINARY[%s]<%lu> ",
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3018:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (tmp,"BINARY[%s] ",ta->section ? ta->section : "");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3032:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"BINARY[%s] NIL",ta->section ? ta->section : "");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3098:38: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (ta->section && *ta->section) sprintf (tmp,"BODY[%s.TEXT]",ta->section);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3891:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s,"#public/%s",(*name == '/') ? name+1 : name);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3938:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pattern,ref); /* copy reference to pattern */
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3940:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*pat == '#') strcpy (pattern,pat);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3943:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (pattern,pat + 1); /* append, omitting one of the period */
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3944:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else strcat (pattern,pat); /* anything else is just appended */
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3946:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (pattern,pat); /* just have basic name */
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4084:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s,t);
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:350:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp+i,t); /* append mailbox to initial spec */
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:398:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (elt) sprintf (status,"Status: %s%s\015\012",
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:383:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,STATUS,elt->seen ? "R" : " ",
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:451:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,STATUS,elt->seen ? "R" : " ",
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:250:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (usage2,pgm,usgchk,stdsw);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:259:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (usage2,pgm,usgcre,stdsw);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:267:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (usage2,pgm,usgdel,stdsw);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:275:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (usage2,pgm,usgren,stdsw);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:283:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (!src || !dst || merge) printf (usage3,pgm,cmd,usgcpymov,stdsw);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:294:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (!src || !dst || merge) printf (usage3,pgm,cmd,usgappdel,stdsw);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:307:38: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
!(criteria = prune_criteria (dst))) printf (usage2,pgm,usgprn,stdsw);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:347:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (!src || !dst) printf (usage2,pgm,usgxfr,stdsw);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:357:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (dest) strcpy (strchr (strcpy (tmp,dest->mailbox),'}') + 1,
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:357:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (dest) strcpy (strchr (strcpy (tmp,dest->mailbox),'}') + 1,
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:369:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (source) strcpy (strchr (strcpy (tmp,source->mailbox),'}') + 1,
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:369:35: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (source) strcpy (strchr (strcpy (tmp,source->mailbox),'}') + 1,
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:371:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (tmp,src);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:408:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (usage2,pgm,"command [switches] arguments",stdsw);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:602:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ndst = (char *) fs_get (strlen (dst) + strlen (suffix) + 1),
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:628:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s,tail); /* terminate flags list */
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:717:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (t,t1); /* copy the user flag */
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:886:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = tmp,"{%s/%s",mb->host,mb->service);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:887:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:888:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (username,mb->user));
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:889:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (*mb->authuser) sprintf (tmp+strlen (tmp),"/authuser=%s",mb->authuser);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:898:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (password,getpass (s));
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:898:20: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
strcpy (password,getpass (s));
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:108:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lock,"%s.lock",file);
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:122:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (hitch,"%s.%lu.%lu.",lock,(unsigned long) time (0),
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:109:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,pwd->pw_gecos);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:112:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (personalname,tmp);/* make a permanent copy of it */
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:413:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (t = tmp+400,"%s@%s",adr->mailbox,adr->host);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:420:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,stream->user_flags[find_rightmost_bit (&i)]);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:458:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,stream->user_flags[find_rightmost_bit (&i)]);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:482:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (pfx) sprintf (tmp,"%s%ld.",pfx,++i);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:489:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s," %s%ld %s",pfx,++i,body_types[body->type]);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:490:24: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (body->subtype) sprintf (s += strlen (s),"/%s",body->subtype);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:491:28: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (body->description) sprintf (s += strlen (s)," (%s)",body->description);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:493:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),";%s=%s",par->attribute,par->value);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:495:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (body->id) sprintf (s += strlen (s),", id = %s",body->id);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:511:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s%ld.",pfx,i);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:737:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (curhst,mb->host);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:738:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = tmp,"{%s/%s",mb->host,mb->service);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:739:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",strcpy (user,mb->user));
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:739:55: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",strcpy (user,mb->user));
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:740:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (*mb->authuser) sprintf (tmp+strlen (tmp),"/authuser=%s",mb->authuser);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:751:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pwd,getpass (s));
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:751:15: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
strcpy (pwd,getpass (s));
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:823:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text,line);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:830:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (msg->date,line);
data/uw-imap-2007f~dfsg/src/osdep/amiga/ckp_std.c:40:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) ?
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:175:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (file,test); /* use just that name then */
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:225:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
pmatch ("INBOX",ucase (strcpy (tmp,test))))
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:301:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (dir) sprintf (tmp,"%s%s",dir,d->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:302:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (tmp,d->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:304:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ((pmatch_full (strcpy (path,tmp),pat,'/') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:308:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path+len-1,d->d_name) && !stat (path,&sbuf)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:313:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path,"%s/",tmp);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:759:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return (s && !*s) ? strcpy (dst,sysinbox ()) : s;
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:780:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mailboxfile (tmp,pat)) strcpy (tmp,pat);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:788:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,pat); /* yes, ignore */
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:793:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!ref) strcpy (tmp,pat); /* just copy if no namespace */
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:796:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*pat == '/') strcpy (strchr (strcpy (tmp,ref),'/'),pat);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:796:40: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*pat == '/') strcpy (strchr (strcpy (tmp,ref),'/'),pat);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:798:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (tmp,"%s%s",ref,pat);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:330:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,prefix,days[t->tm_wday]);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:334:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:622:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/INBOX",
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:639:44: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!myNewsrc) myNewsrc = cpystr(strcat (strcpy (tmp,myHomeDir),"/.newsrc"));
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:666:24: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
if (((s = (char *) getlogin ()) && *s && (strlen (s) < NETMAXUSER) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:721:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",home,mailsubdir);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:738:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",MAILSPOOL,myusername ());
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:757:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,dir); /* write directory prefix */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:762:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,name); /* write name in directory */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:768:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (dst,mymailboxdir ());
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:792:31: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(name[4] == '/') && ftpHome) sprintf (dst,"%s/%s",ftpHome,name+5);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:808:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst,"%s/%s",s,compare_cstring (name,"INBOX") ? name : "INBOX");
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:816:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (dst,name); /* unrestricted, copy root name */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:822:28: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if (*name == '/') sprintf (dst,"%s/%s",mymailboxdir (),name+1);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:838:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if (mailsubdir) sprintf (dst,"%s/%s/%s",pw->pw_dir,mailsubdir,name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:839:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (dst,"%s/%s",pw->pw_dir,name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:847:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (anonymous) sprintf (dst,"%s/INBOX",mymailboxdir ());
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:853:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst,"%s/%s",mymailboxdir (),name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:875:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (base->lock,"%s.lock",file);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:945:13: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
_exit (execv (argv[0],argv));
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:973:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp, /* generate default message */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:985:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Mailbox vulnerable - error creating %.80s: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1060:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lock,"%s/.%lx.%lx","/tmp",
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.h:44:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONFILE(t) sprintf (t,"%s/.mailboxlist",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.h:45:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONTEMP(t) sprintf (t,"%s/.mlbxlsttmp",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:397:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:408:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"%s\015\012",t);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:411:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't initialize mailbox node %.80s: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:452:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:460:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:491:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:498:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:574:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:963:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1058:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1198:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1304:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1510:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1515:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1552:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1594:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read old status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1599:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:248:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",myhomedir (),MHPROFILE);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:264:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (s = tmp,"%s/%s",myhomedir (),v);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:273:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",myhomedir (),MHPATH);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:367:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (file,test+4);/* use just that name then */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:425:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (dir) sprintf (name,"#mh/%s/",dir);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:434:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cp,d->d_name); /* make directory name */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:436:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (np,d->d_name);/* make mh name of directory name */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:491:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't create mailbox %.80s: %s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:520:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp + i,d->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:527:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:566:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:665:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:881:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",LOCAL->dir,names[i]->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:902:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,++old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:990:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:992:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Expunge of message %lu failed, aborted: %s",i,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1048:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1161:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1172:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1253:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pattern,ref); /* copy reference to pattern */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1255:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*pat == '#') strcpy (pattern,pat);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1258:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (pattern,pat + 1); /* append, omitting one of the period */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1259:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else strcat (pattern,pat); /* anything else is just appended */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1261:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (pattern,pat); /* just have basic name */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:327:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:419:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f,SEQFMT,now);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:420:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f,MTAFMT,now,0,now);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:432:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s,MIXINDEX); /* create index */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:437:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s,MIXSTATUS); /* create status */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:474:26: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if (unlink (tmp)) sprintf (tmp,"Can't delete mailbox %.80s index: %80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:484:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s,d->d_name); /* make path */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:559:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (src = (char *) fs_get (srcl + len + 2),"%s/%s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:561:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst = (char *) fs_get (dstl + len + 1),"%s%s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:755:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Error reading mix message header, uid=%lx, s=%.0lx, h=%s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1228:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf,staterr,burp->name,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1239:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf,truncerr,burp->name,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1253:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf,staterr,burp->name,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1307:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf,truncerr,burp->name,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1393:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (local->buf,MSRFMT,MSGTOK,0,0,0,0,0,0,0,'+',0,0,0);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1434:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (strcat (tmp," "),t);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1550:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (local->buf,MSRFMT,MSGTOK,0,0,0,0,0,0,0,'+',0,0,0);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1662:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f,MSRFMT,MSGTOK,elt->private.uid,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1942:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,shortmsg,plt->msgno,plt->private.uid,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1977:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,shortmsg,elt->msgno,elt->private.uid,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2005:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Error in %s in mix index file: %.500s",msg,s);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2106:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (msg,"Error in mix status file message record%s: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2190:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf,SEQFMT,LOCAL->metaseq = mix_modseq (LOCAL->metaseq));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2191:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf + strlen (LOCAL->buf),MTAFMT,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2237:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,IXRFMT,0,14,4,4,13,0,0,'+',0,0,0,0,0,0,0);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2241:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,SEQFMT,LOCAL->indexseq);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2266:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (idxf,SEQFMT,LOCAL->indexseq);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2271:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (idxf,IXRFMT,elt->private.uid,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2318:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,STRFMT,0,0,0,0);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2321:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,SEQFMT,LOCAL->statusseq);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2346:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (statf,SEQFMT,LOCAL->statusseq);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2353:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (statf,STRFMT,elt->private.uid,elt->user_flags,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2628:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Error in %s in mix sortcache record: %.500s",msg,t);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2662:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f,SEQFMT,LOCAL->sortcacheseq = mix_modseq(LOCAL->sortcacheseq));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2672:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f,SCRFMT,elt->private.uid,s->date,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2727:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Empty mix %s record",type);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2731:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Oversize mix %s record: %.512s",type,buf);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2736:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Truncated mix %s record: %.512s",type,buf);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:480:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:486:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%sFrom %s %sDate: ",mmdfhdr,pseudo_from,ctime (&ti));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:488:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (s += strlen (s), /* write the pseudo-header */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:493:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s)," %s",default_user_flag (i));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:494:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:497:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:541:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:553:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:572:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:577:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:667:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((LOCAL->ld >= 0) && access (stream->mailbox,W_OK) && (errno == EACCES)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:926:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1082:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1117:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1276:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1286:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1591:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1692:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal date: %s",(char *) date);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1913:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (err,"Discarding bogus %s header in message %lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2131:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (hdr,"%sFrom %s %.24s\nDate: %s\nFrom: %s <%s@%.80s>\nSubject: %s\nMessage-ID: <%lu@%.80s>\nX-IMAP: %010lu %010lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2138:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2139:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2401:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mailbox open failed, aborted: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2434:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2544:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:290:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:298:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:328:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:335:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:708:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:896:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:924:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1009:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1056:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1124:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1133:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1142:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1171:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1266:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:46:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define MXINDEX(d,s) strcat (mx_file (d,s),MXINDEXNAME)
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:280:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:361:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't create mailbox %.80s: %s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:391:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s index: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:399:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s,d->d_name); /* make path */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:405:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete name %.80s: %s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:474:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:497:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s,"%s/%s",src,name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:498:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (d,"%s%s",dst,name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:591:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:767:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,++old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:855:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:857:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Expunge of message %lu failed, aborted: %s",i,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:951:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (strcat (tmp," "),t);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1072:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%lu",stream->mailbox,++stream->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1075:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't create append message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1083:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1168:26: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1168:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1249:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"K%s\n",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:236:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name + 6,t); /* make full form of name */
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:274:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pattern,ref); /* copy reference to pattern */
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:276:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*pat == '#') strcpy (pattern,pat);
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:279:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (pattern,pat + 1); /* append, omitting one of the period */
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:280:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else strcat (pattern,pat); /* anything else is just appended */
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:282:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (pattern,pat); /* just have basic name */
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:366:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = tmp,"%s/%s",(char *) mail_parameters (NIL,GET_NEWSSPOOL,NIL),
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:392:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Newsgroup %s is empty",LOCAL->name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:495:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:269:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to open file %s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:300:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s, %d %s %d %02d:%02d:%02d %c%02d%02d",
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:309:36: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pw = getpwuid (sbuf.st_uid)) strcpy (tmp,pw->pw_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:529:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't copy - file \"%s\" is not in valid mailbox format",
data/uw-imap-2007f~dfsg/src/osdep/amiga/scandir.c:55:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (p->d_name,d->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:128:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,host+1); /* yes, copy number part */
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:134:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,host); /* hostname is user's argument */
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:149:38: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!(he = gethostbyname (lcase (strcpy (hostname,host)))))
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:158:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,he->h_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:210:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Trying IP address [%s]",inet_ntoa (sin->sin_addr));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:214:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:241:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't connect to %.80s,%lu: %s",hst,port,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:270:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Connection failed to %.80s,%lu: %s",hst,port,
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:733:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
ret = (he = gethostbyname (lcase (strcpy (host,name)))) ?
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:757:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Reverse DNS resolution %s",adr);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:768:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (flag) sprintf (ret = tmp,"%s %s",t,adr);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:297:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:305:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:335:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:342:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:417:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:797:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:986:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1014:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1099:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1153:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1236:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1245:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to find newline at %lu in %lu bytes, text: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1254:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1283:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1378:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:340:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:346:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"From %s %sDate: ",pseudo_from,ctime (&ti));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:349:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:354:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s)," %s",default_user_flag (i));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:355:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:358:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx,
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:402:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:414:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:433:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:438:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:528:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((LOCAL->ld >= 0) && access (stream->mailbox,W_OK) && (errno == EACCES)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:787:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:947:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:981:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1140:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1150:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1462:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1550:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal date: %s",(char *) date);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1749:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (err,"Discarding bogus %s header in message %lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1968:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (hdr,"From %s %.24s\nDate: %s\nFrom: %s <%s@%.80s>\nSubject: %s\nMessage-ID: <%lu@%.80s>\nX-IMAP: %010lu %010lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1975:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1976:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2255:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mailbox open failed, aborted: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2288:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2398:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2604:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mail drop %s is not in standard Unix format",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2618:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"New mail move failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2625:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mail drop %s lock failure, old=%lu now=%lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2643:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Moved %lu bytes of new mail to %s from %s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:88:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(&x[start],"%3c, %d %s %d %s %s", \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:90:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(realtime,"%s %s %2d %s %d %s", \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:119:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(&x[start],"%3c, %d %3c %d %s",weekday, \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:121:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(realtime,"%s %s %2d %s %d",weekday,month,day,time,\
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:345:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:514:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Not a Bezerk-format mailbox: %s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:524:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to open copy mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:541:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:650:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:663:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:740:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Invalid mailbox name: %s",s);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:173:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (file,test); /* use just that name then */
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:239:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't subscribe %s: not a mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:260:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (base) sprintf (tmpx,"%s\\",base);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:262:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (dir) strcat (tmpx,dir);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:266:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*." : "\\*.");
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:267:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,file_extension ? file_extension : "*");
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:275:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (base) sprintf (tmpx,"%s\\",base);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:277:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (dir) sprintf (tmpx + strlen (tmpx),"%s%s",dir,f.name);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:278:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else strcat (tmpx,f.name);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:283:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (dir) sprintf (tmp,"%s%s",dir,f.name);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:284:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (tmp,f.name);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:401:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't create mailbox node %s: %s",path,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:422:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %s: %s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:455:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %s to %s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:479:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s: %s",strerror (errno),stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:484:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (sbuf.st_size) sprintf (tmp,"Not a mailbox: %s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:609:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s: %s",strerror (e),mailbox);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:619:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Indeterminate mailbox format: %s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:632:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Invalid mailbox name: %s",s);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:668:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mailboxfile (tmp,pat)) strcpy (tmp,pat);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:680:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s%s%s",dev,ref ? ref : "",pat);
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:89:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s\\NEWSRC",myhomedir ());
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:134:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,prefix,days[t->tm_wday]);
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:138:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:200:44: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ((*name == '\\') || (name[1] == ':')) strcpy (dst,name);
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:201:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (dst,"%s\\%s",myhomedir (),name);
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:202:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (ext) sprintf (dst + strlen (dst),".%s",ext);
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:259:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Mailbox %s, %s %lu[%.80s], %lu octets truncated to %ld",
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:287:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...)
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.h:30:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONFILE(t) sprintf (t,"%s/MAILBOX.LST",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.h:31:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONTEMP(t) sprintf (t,"%s/MAILBOX.TMP",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.h:68:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:297:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:537:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Not a MTX-format mailbox: %s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:545:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to open copy mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:562:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:635:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:677:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:699:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Invalid mailbox name: %s",s);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:732:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %ld, size = %ld: %s",
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:740:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to find end of line at %ld in %ld bytes, text: %s",
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:749:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header at %ld: %s",curpos,
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:773:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnf.c:70:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = tmp,"[%s]",inet_ntoa (myip));
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnf.c:89:46: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
struct hostent *hn = gethostbyname (lcase (strcpy (tmp,*host)));
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnv.c:69:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (s = tmp,"[%s]",inet_ntoa (in));
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dpc.c:71:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = tmp,"[%s]",inet_ntoa (in));
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dpc.c:96:46: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
struct hostent *hn = gethostbyname (lcase (strcpy (tmp,*host)));
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dwa.c:67:30: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (myip = gethostid ()) sprintf (s = tmp,"[%s]",inet_ntoa (hname,myip));
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:85:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,host+1); /* yes, copy number part */
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:95:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Host not found: %s",host);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:135:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't connect to %.80s,%ld: %s (%d)",host,port,s,errno);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.c:82:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Host not found: %s",host);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:134:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,host+1); /* yes, copy number part */
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:143:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,host);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:156:38: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!(he = gethostbyname (lcase (strcpy (tmp,host)))))
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:157:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Host not found (#%d): %s",WSAGetLastError(),host);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:164:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,he->h_name);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:208:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Trying IP address [%s]",inet_ntoa (sin->sin_addr));
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:236:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't connect to %.80s,%ld: %s (%d)",hst,port,s,
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:735:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
ret = (he = gethostbyname (lcase (strcpy (host,name)))) ? he->h_name : name;
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:757:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Reverse DNS resolution %s",adr);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:768:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (flag) sprintf (ret = tmp,"%s %s",t,adr);
data/uw-imap-2007f~dfsg/src/osdep/mac/dummymac.c:206:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Not a mailbox: %s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/mac/dummymac.c:292:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't append to %s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.c:65:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s:News State",myhomedir ());
data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.c:223:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...)
data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.h:30:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONFILE(t) sprintf (t,"%s:Mailbox List",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.h:31:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONTEMP(t) sprintf (t,"%s:Mailbox List Temp",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.h:58:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...);
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:170:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (s) sprintf (tmp,"%s: %.80s",s,host);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:170:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (file,test); /* use just that name then */
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:261:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*.*" : "\\*.*");
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:273:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (dir) sprintf (tmp,"%s%s",dir,f.name);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:274:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (tmp,f.name);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:281:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (dir) sprintf (tmp,"%s%s",dir,f.name);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:282:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (tmp,f.name);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:330:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*.*" : "\\*.*") &&
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:669:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return (s && !*s) ? strcpy (dst,sysinbox ()) : s;
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:703:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mailboxfile (tmp,pat)) strcpy (tmp,pat);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:715:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s%s%s",dev,ref ? ref : "",pat);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:100:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s\\NEWSRC",myhomedir ());
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:161:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,prefix,days[t->tm_wday]);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:165:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:367:9: [4] (access) ImpersonateLoggedOnUser:
If this call fails, the program could fail to drop heightened privileges
(CWE-250). Make sure the return value is checked, and do not continue if a
failure is reported.
ImpersonateLoggedOnUser (hdl)) return env_init (user,NIL);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:458:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (!check_nt ()) sprintf (tmp,"%s\\My Documents",defaultDrive ());
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:477:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (tmp,"%s\\users\\default",defaultDrive ());
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:514:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path = pth,"%s%s",
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:517:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path = pth,"%s\\My Documents",defaultDrive ());
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:571:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if (check_nt ()) sprintf (tmp,MAILFILE,myUserName);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:572:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (tmp,"%s\\INBOX",myhomedir ());
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:592:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,dir); /* write directory prefix */
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:597:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,name); /* write name in directory */
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:602:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (dst,myhomedir());/* no arguments, wants home directory */
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:639:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst,"%s\\%s",dir,name);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:647:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst,"%s%s",homedev,name);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:651:28: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (name[2] == '\\') strcpy (dst,name);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:652:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (dst,"%c:\\%s",name[0],name+2);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:655:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (dst,"%s\\%s",dir,name);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.h:30:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONFILE(t) sprintf (t,"%s\\MAILBOX.LST",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.h:31:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONTEMP(t) sprintf (t,"%s\\MAILBOX.TMP",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/nt/ip4_nt.c:165:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(he = gethostbyname (lcase (strcpy (tmp,name))))) {
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:136:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(!getaddrinfo (lcase (strcpy (tmp,text)),NIL,hints,&ai))) {
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:253:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(!getaddrinfo (lcase (strcpy (lcname,name)),NIL,hints,&ai))) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:387:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:396:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"%s\015\012",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:400:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't initialize mailbox node %.80s: %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:440:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:448:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:484:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:494:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:525:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:894:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:933:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1075:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1160:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1366:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1371:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1406:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1447:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read old status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1452:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:300:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:308:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:344:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:795:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:882:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:929:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:982:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:991:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:1000:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:1029:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:1124:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:145:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,host+1); /* yes, copy number part */
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:164:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Host not found (#%d): %s",WSAGetLastError (),host);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:221:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Trying IP address [%s]",ip_sockaddrtostring (sadr));
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:878:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Reverse DNS resolution %s",adr);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:885:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (flag) sprintf (ret = tmp,"%s %s",t,adr);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:308:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:316:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:352:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:866:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:953:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1006:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1073:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1082:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to find newline at %lu in %lu bytes, text: %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1091:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1120:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1216:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:307:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:313:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"From %s %s",pseudo_from,ctime (&ti));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:317:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (s += strlen (s), /* write the pseudo-header */
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:326:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx,
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:367:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:382:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:406:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:411:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:473:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((LOCAL->ld >= 0) && access (stream->mailbox,02) && (errno == EACCES)) {
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:714:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:867:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:906:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1067:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1077:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1307:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lock,"%s.lock",file);/* build lock filename */
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1314:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Error creating %.80s: %s",lock,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1414:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1501:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal date: %s",(char *) date);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1700:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (err,"Discarding bogus %s header in message %lu",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1904:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (hdr,"From %s %.24s\r\nDate: %s\r\nFrom: %s <%s@%.80s>\r\nSubject: %s\r\nMessage-ID: <%lu@%.80s>\r\nX-IMAP: %010ld %010ld",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1911:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (t += strlen (t)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:2182:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:2292:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.c:99:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...)
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.c:119:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf (tmp,message,args); /* build message */
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.c:140:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,(logopt & LOG_PID) ? "%s[%d]" : "%s",ident,getpid ());
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.c:265:7: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
char *getpass (const char *prompt)
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.h:80:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...);
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.h:86:7: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
char *getpass (const char *prompt);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:176:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (file,test); /* use just that name then */
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:267:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*.*" : "\\*.*");
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:279:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (dir) sprintf (tmp,"%s%s",dir,f.name);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:280:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (tmp,f.name);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:287:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (dir) sprintf (tmp,"%s%s",dir,f.name);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:288:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (tmp,f.name);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:659:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return (s && !*s) ? strcpy (dst,sysinbox ()) : s;
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:693:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mailboxfile (tmp,pat)) strcpy (tmp,pat);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:705:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s%s%s",dev,ref ? ref : "",pat);
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:69:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s\\newsrc",myhomedir ());
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:109:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,prefix,days[t->tm_wday]);
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:113:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:193:44: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ((*name == '\\') || (name[1] == ':')) strcpy (dst,name);
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:194:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (dst,"%s\\%s",myhomedir (),name);
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:195:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (ext) sprintf (dst + strlen (dst),".%s",ext);
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:305:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...)
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.h:57:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:387:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:396:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"%s\015\012",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:400:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't initialize mailbox node %.80s: %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:440:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:448:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:484:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:494:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:525:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:894:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:933:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1075:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1160:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1366:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1371:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1406:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1447:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read old status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1452:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:300:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:308:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:344:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:795:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:882:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:929:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:982:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:991:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:1000:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:1029:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:1124:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/os_os2.c:85:46: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
struct hostent *hn = gethostbyname (lcase (strcpy (tmp,*host)));
data/uw-imap-2007f~dfsg/src/osdep/os2/os_os2.c:98:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...)
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:85:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,host+1); /* yes, copy number part */
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:95:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Host not found: %s",host);
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:135:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't connect to %.80s,%ld: %s (%d)",host,port,s,errno);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:308:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:316:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:352:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:866:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:953:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1006:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1073:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1082:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to find newline at %lu in %lu bytes, text: %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1091:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1120:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1216:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:307:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:313:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"From %s %s",pseudo_from,ctime (&ti));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:317:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (s += strlen (s), /* write the pseudo-header */
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:326:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx,
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:367:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:382:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:406:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:411:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:473:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((LOCAL->ld >= 0) && access (stream->mailbox,02) && (errno == EACCES)) {
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:714:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:867:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:906:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1067:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1077:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1307:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lock,"%s.lock",file);/* build lock filename */
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1314:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Error creating %.80s: %s",lock,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1414:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1501:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal date: %s",(char *) date);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1700:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (err,"Discarding bogus %s header in message %lu",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1904:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (hdr,"From %s %.24s\r\nDate: %s\r\nFrom: %s <%s@%.80s>\r\nSubject: %s\r\nMessage-ID: <%lu@%.80s>\r\nX-IMAP: %010ld %010ld",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1911:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (t += strlen (t)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:2182:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:2292:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno));
data/uw-imap-2007f~dfsg/src/osdep/tops-20/dummyt20.c:205:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Not a mailbox: %s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/dummyt20.c:291:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't append to %s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/env_t20.c:159:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%sNEWSRC",myhomedir ());
data/uw-imap-2007f~dfsg/src/osdep/tops-20/env_t20.c:213:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...)
data/uw-imap-2007f~dfsg/src/osdep/tops-20/env_t20.h:38:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONFILE(t) sprintf (t,"%s\\SUBSCRIPTIONS.TXT",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/tops-20/env_t20.h:39:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONTEMP(t) sprintf (t,"%s\\SUBSCRIPTIONS.TMP",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/tops-20/env_t20.h:73:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/os_t20.c:85:7: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
char *getpass (const char *prompt)
data/uw-imap-2007f~dfsg/src/osdep/tops-20/os_t20.h:50:7: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
char *getpass (const char *prompt);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:92:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"No such host as %s",host);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:99:28: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!jsys (GTHST,argblk)) strcpy (tmp,host);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:113:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file,"Can't connect to %s,%d server",tmp,port);
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_bsi.c:44:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"auth-%s",(char *) mail_parameters (NIL,GET_SERVICENAME,NIL));
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_dce.c:50:39: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) return pw;
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_dce.c:58:34: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_psx.c:62:38: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_psx.c:80:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (sp->sp_pwdp,(char *) crypt (pass,sp->sp_pwdp))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_sce.c:42:40: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_sec.c:42:40: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_ssn.c:49:39: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_ssn.c:52:40: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (pa->pwa_passwd,(char *) crypt (pass,pa->pwa_passwd)))) ?
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_std.c:40:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) ?
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_sv4.c:62:38: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_sv4.c:76:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (sp->sp_pwdp,(char *) crypt (pass,sp->sp_pwdp))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_svo.c:62:38: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_svo.c:75:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
!strcmp (sp->sp_pwdp,(char *) crypt (pass,sp->sp_pwdp))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/crx_nfs.c:48:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (hitch,"%s.%lu.%d.",name,(unsigned long) time (0),getpid ());
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:175:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (file,test); /* use just that name then */
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:225:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
pmatch ("INBOX",ucase (strcpy (tmp,test))))
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:301:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (dir) sprintf (tmp,"%s%s",dir,d->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:302:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (tmp,d->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:304:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ((pmatch_full (strcpy (path,tmp),pat,'/') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:308:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path+len-1,d->d_name) && !stat (path,&sbuf)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:313:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path,"%s/",tmp);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:759:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return (s && !*s) ? strcpy (dst,sysinbox ()) : s;
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:780:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mailboxfile (tmp,pat)) strcpy (tmp,pat);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:788:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,pat); /* yes, ignore */
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:793:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!ref) strcpy (tmp,pat); /* just copy if no namespace */
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:796:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*pat == '/') strcpy (strchr (strcpy (tmp,ref),'/'),pat);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:796:40: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*pat == '/') strcpy (strchr (strcpy (tmp,ref),'/'),pat);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:798:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (tmp,"%s%s",ref,pat);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:517:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,prefix,days[t->tm_wday]);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:521:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:831:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",blackBoxDir,myUserName);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:839:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sysInbox,"%s/INBOX",home);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:858:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/INBOX",
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:867:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
dorc (strcat (strcpy (tmp,myHomeDir),"/.mminit"),T);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:868:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
dorc (strcat (strcpy (tmp,myHomeDir),"/.imaprc"),NIL);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:881:44: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!myNewsrc) myNewsrc = cpystr(strcat (strcpy (tmp,myHomeDir),"/.newsrc"));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:905:24: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
if (((s = (char *) getlogin ()) && *s && (strlen (s) < NETMAXUSER) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:970:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",home,mailsubdir);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:987:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",MAILSPOOL,myusername ());
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1006:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,dir); /* write directory prefix */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1011:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp,name); /* write name in directory */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1017:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (dst,mymailboxdir ());
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1041:31: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(name[4] == '/') && ftpHome) sprintf (dst,"%s/%s",ftpHome,name+5);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1057:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst,"%s/%s",s,compare_cstring (name+8,"INBOX") ?
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1069:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst,"%s/%s/INBOX",blackBoxDir,name+1);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1072:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (dst,"%s/%s",blackBoxDir,name+1);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1076:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (dst,name); /* unrestricted, copy root name */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1082:28: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if (*name == '/') sprintf (dst,"%s/%s",mymailboxdir (),name+1);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1089:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst,"%s/%s/INBOX",blackBoxDir,name);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1092:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (dst,"%s/%s",blackBoxDir,name);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1107:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if (mailsubdir) sprintf (dst,"%s/%s/%s",pw->pw_dir,mailsubdir,name);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1108:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (dst,"%s/%s",pw->pw_dir,name);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1118:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst,"%s/INBOX",mymailboxdir ());
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1124:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst,"%s/%s",mymailboxdir (),name);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1146:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (base->lock,"%s.lock",file);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1222:13: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
_exit (execv (argv[0],argv));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1253:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp, /* generate default message */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1265:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Mailbox vulnerable - error creating %.80s: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1340:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lock,"%s/.%lx.%lx",closedBox ? "" : tmpdir,
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1598:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmpx,"Unknown new mailbox format in %s: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1618:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmpx,"Unknown empty mailbox format in %s: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1816:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path,"%s/INBOX",mymailboxdir ());
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.h:44:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONFILE(t) sprintf (t,"%s/.mailboxlist",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.h:45:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONTEMP(t) sprintf (t,"%s/.mlbxlsttmp",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/unix/flockcyg.c:81:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unexpected file locking failure: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/flocklnx.c:58:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"File locking failure: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/flocklnx.c:70:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unexpected file locking failure: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/ip4_unix.c:165:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(he = gethostbyname (lcase (strcpy (tmp,name))))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:136:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(!getaddrinfo (lcase (strcpy (tmp,text)),NIL,hints,&ai))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:253:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(!getaddrinfo (lcase (strcpy (lcname,name)),NIL,hints,&ai))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ipo_unix.c:166:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(he = gethostbyname (lcase (strcpy (tmp,name))))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:397:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:408:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"%s\015\012",t);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:411:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't initialize mailbox node %.80s: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:452:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:460:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:491:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:498:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:574:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:963:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1058:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1198:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1304:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1510:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1515:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1552:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1594:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read old status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1599:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf+50,"Invalid flags for message %lu (%lu %lu): %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:248:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",myhomedir (),MHPROFILE);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:264:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (s = tmp,"%s/%s",myhomedir (),v);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:273:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",myhomedir (),MHPATH);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:367:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (file,test+4);/* use just that name then */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:425:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (dir) sprintf (name,"#mh/%s/",dir);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:434:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cp,d->d_name); /* make directory name */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:436:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (np,d->d_name);/* make mh name of directory name */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:491:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't create mailbox %.80s: %s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:520:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp + i,d->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:527:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:566:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:665:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:881:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s",LOCAL->dir,names[i]->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:902:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,++old);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:990:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:992:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Expunge of message %lu failed, aborted: %s",i,
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1048:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1161:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1172:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1253:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pattern,ref); /* copy reference to pattern */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1255:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*pat == '#') strcpy (pattern,pat);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1258:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (pattern,pat + 1); /* append, omitting one of the period */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1259:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else strcat (pattern,pat); /* anything else is just appended */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1261:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (pattern,pat); /* just have basic name */
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:327:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2),
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:419:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f,SEQFMT,now);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:420:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f,MTAFMT,now,0,now);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:432:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s,MIXINDEX); /* create index */
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:437:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s,MIXSTATUS); /* create status */
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:474:26: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if (unlink (tmp)) sprintf (tmp,"Can't delete mailbox %.80s index: %80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:484:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s,d->d_name); /* make path */
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:559:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (src = (char *) fs_get (srcl + len + 2),"%s/%s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:561:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst = (char *) fs_get (dstl + len + 1),"%s%s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:755:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Error reading mix message header, uid=%lx, s=%.0lx, h=%s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1228:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf,staterr,burp->name,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1239:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf,truncerr,burp->name,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1253:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf,staterr,burp->name,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1307:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf,truncerr,burp->name,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1393:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (local->buf,MSRFMT,MSGTOK,0,0,0,0,0,0,0,'+',0,0,0);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1434:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (strcat (tmp," "),t);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1550:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (local->buf,MSRFMT,MSGTOK,0,0,0,0,0,0,0,'+',0,0,0);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1662:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f,MSRFMT,MSGTOK,elt->private.uid,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1942:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,shortmsg,plt->msgno,plt->private.uid,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1977:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,shortmsg,elt->msgno,elt->private.uid,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2005:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Error in %s in mix index file: %.500s",msg,s);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2106:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (msg,"Error in mix status file message record%s: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2190:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf,SEQFMT,LOCAL->metaseq = mix_modseq (LOCAL->metaseq));
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2191:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (LOCAL->buf + strlen (LOCAL->buf),MTAFMT,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2237:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,IXRFMT,0,14,4,4,13,0,0,'+',0,0,0,0,0,0,0);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2241:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,SEQFMT,LOCAL->indexseq);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2266:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (idxf,SEQFMT,LOCAL->indexseq);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2271:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (idxf,IXRFMT,elt->private.uid,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2318:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,STRFMT,0,0,0,0);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2321:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,SEQFMT,LOCAL->statusseq);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2346:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (statf,SEQFMT,LOCAL->statusseq);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2353:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (statf,STRFMT,elt->private.uid,elt->user_flags,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2628:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Error in %s in mix sortcache record: %.500s",msg,t);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2662:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f,SEQFMT,LOCAL->sortcacheseq = mix_modseq(LOCAL->sortcacheseq));
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2672:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f,SCRFMT,elt->private.uid,s->date,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2727:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Empty mix %s record",type);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2731:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Oversize mix %s record: %.512s",type,buf);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2736:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Truncated mix %s record: %.512s",type,buf);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:480:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:486:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%sFrom %s %sDate: ",mmdfhdr,pseudo_from,ctime (&ti));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:488:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (s += strlen (s), /* write the pseudo-header */
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:493:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s)," %s",default_user_flag (i));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:494:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:497:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx,
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:541:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:553:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:572:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:577:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:667:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((LOCAL->ld >= 0) && access (stream->mailbox,W_OK) && (errno == EACCES)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:926:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1082:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1117:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1276:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1286:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1591:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1692:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal date: %s",(char *) date);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1913:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (err,"Discarding bogus %s header in message %lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2131:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (hdr,"%sFrom %s %.24s\nDate: %s\nFrom: %s <%s@%.80s>\nSubject: %s\nMessage-ID: <%lu@%.80s>\nX-IMAP: %010lu %010lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2138:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2139:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2401:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mailbox open failed, aborted: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2434:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2544:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:290:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:298:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:328:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:335:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:708:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:896:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:924:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1009:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1056:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1124:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1133:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1142:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1171:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1266:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:46:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define MXINDEX(d,s) strcat (mx_file (d,s),MXINDEXNAME)
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:280:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2),
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:361:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't create mailbox %.80s: %s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:391:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s index: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:399:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s,d->d_name); /* make path */
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:405:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete name %.80s: %s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:474:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:497:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s,"%s/%s",src,name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:498:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (d,"%s%s",dst,name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:591:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:767:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,++old);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:855:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",stream->mailbox,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:857:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Expunge of message %lu failed, aborted: %s",i,
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:951:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (strcat (tmp," "),t);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1072:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%lu",stream->mailbox,++stream->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1075:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't create append message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1083:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1168:26: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME),
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1168:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME),
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1249:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"K%s\n",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:236:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name + 6,t); /* make full form of name */
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:274:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pattern,ref); /* copy reference to pattern */
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:276:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*pat == '#') strcpy (pattern,pat);
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:279:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (pattern,pat + 1); /* append, omitting one of the period */
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:280:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else strcat (pattern,pat); /* anything else is just appended */
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:282:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (pattern,pat); /* just have basic name */
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:366:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s = tmp,"%s/%s",(char *) mail_parameters (NIL,GET_NEWSSPOOL,NIL),
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:392:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Newsgroup %s is empty",LOCAL->name);
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:495:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"%s/%lu",LOCAL->dir,elt->private.uid);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_a32.c:46:7: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *crypt (char *key,char *salt);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_aix.c:45:7: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *crypt (char *key,char *salt);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_art.h:74:5: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
int syslog (priority,message,parameters ...);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_drs.c:45:7: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *crypt (char *key,char *salt);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_lyn.c:45:7: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *crypt (char *key,char *salt);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_nto.c:73:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
dc.d_namlen = strlen (strcpy (dc.d_name,de->d_name));
data/uw-imap-2007f~dfsg/src/osdep/unix/os_qnx.c:49:14: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern char *crypt (const char *pw, const char *salt);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_qnx.c:74:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
dc.d_namlen = strlen (strcpy (dc.d_name,de->d_name));
data/uw-imap-2007f~dfsg/src/osdep/unix/os_soln.h:68:9: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
#define getpass getpassphrase
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv2.c:102:5: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
int syslog (int priority,char *message,char *parameters)
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv2.h:109:5: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
int syslog (priority,message,parameters ...);
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:269:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to open file %s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:300:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s, %d %s %d %02d:%02d:%02d %c%02d%02d",
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:309:36: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pw = getpwuid (sbuf.st_uid)) strcpy (tmp,pw->pw_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:529:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't copy - file \"%s\" is not in valid mailbox format",
data/uw-imap-2007f~dfsg/src/osdep/unix/scandir.c:55:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (p->d_name,d->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:29:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
#define crypt ssl_private_crypt
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:38:8: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
#undef crypt
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:685:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s-%s.pem",SSL_CERT_DIRECTORY,server,tcp_serveraddr ());
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:687:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s/%s.pem",SSL_CERT_DIRECTORY,server);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:710:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cert,"%s/%s-%s.pem",SSL_CERT_DIRECTORY,server,tcp_serveraddr ());
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:711:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (key,"%s/%s-%s.pem",SSL_KEY_DIRECTORY,server,tcp_serveraddr ());
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:713:26: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (stat (cert,&sbuf)) sprintf (cert,"%s/%s.pem",SSL_CERT_DIRECTORY,server);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:715:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (key,"%s/%s.pem",SSL_KEY_DIRECTORY,server);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:717:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (stat (key,&sbuf)) strcpy (key,cert);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:173:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,host+1); /* yes, copy number part */
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:247:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Trying IP address [%s]",ip_sockaddrtostring (sadr));
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:251:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:270:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't connect to %.80s,%u: %s",hst,(unsigned int) port,
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:298:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Connection failed to %.80s,%lu: %s",hst,
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:347:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (host,mb->host+1); /* yes, copy without brackets */
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:357:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (host,tcp_canonical (mb->host));
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:360:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,sshcommand,sshpath,host,
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:362:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
else sprintf (tmp,rshcommand,rshpath,host,
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:399:14: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
_exit (execv (path,argv));/* now run it */
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:430:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,i ? "error in %s to IMAP server" :
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:438:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (usrbuf,mb->user[0] ? mb->user : myusername ());
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:953:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Reverse DNS resolution %s",adr);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:961:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (flag) sprintf (ret = tmp,"%s %s",t,adr);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:297:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:305:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:335:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:342:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:417:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:797:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't copy new mail: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:986:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to open copy mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1014:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to write message: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1099:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1153:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1236:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to read internal header at %lu, size = %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1245:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to find newline at %lu in %lu bytes, text: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1254:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header at %lu: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1283:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal header elements at %ld: %s,%s;%s",
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1378:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to read new status: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:340:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't reopen mailbox node %.80s: %s",mbx,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:346:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"From %s %sDate: ",pseudo_from,ctime (&ti));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:349:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:354:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s)," %s",default_user_flag (i));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:355:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:358:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't initialize mailbox node %.80s: %s",mbx,
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:402:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp,newname ?
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:414:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't lock mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:433:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:438:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't delete mailbox %.80s: %s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:528:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((LOCAL->ld >= 0) && access (stream->mailbox,W_OK) && (errno == EACCES)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:787:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mailbox stat failed, aborted: %s",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:947:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Can't open destination mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:981:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Message copy failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1140:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't open append mailbox: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1150:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf,"Message append failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1462:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Mailbox open failed, aborted: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1550:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to parse internal date: %s",(char *) date);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1749:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (err,"Discarding bogus %s header in message %lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1968:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (hdr,"From %s %.24s\nDate: %s\nFrom: %s <%s@%.80s>\nSubject: %s\nMessage-ID: <%lu@%.80s>\nX-IMAP: %010lu %010lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1975:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1976:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2255:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mailbox open failed, aborted: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2288:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Unable to extend mailbox: %s",strerror (e));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2398:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to write to mailbox: %s",strerror (e = errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2604:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mail drop %s is not in standard Unix format",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2618:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"New mail move failed: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2625:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Mail drop %s lock failure, old=%lu now=%lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2643:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (LOCAL->buf,"Moved %lu bytes of new mail to %s from %s",
data/uw-imap-2007f~dfsg/src/osdep/vms/dummyvms.c:206:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Not a mailbox: %s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/vms/dummyvms.c:292:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't append to %s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.c:68:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s:.newsrc",myhomedir ());
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.c:89:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,prefix,days[t->tm_wday]);
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.c:93:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.c:127:26: [4] (misc) cuserid:
Exactly what cuserid() does is poorly defined (e.g., some systems use the
effective uid, like Linux, while others like System V use the real uid).
Thus, you can't trust what it does. It's certainly not portable (The
cuserid function was included in the 1988 version of POSIX, but removed
from the 1990 version). Also, if passed a non-null parameter, there's a
risk of a buffer overflow if the passed-in buffer is not at least L_cuserid
characters long (CWE-120). Use getpwuid(geteuid()) and extract the desired
information instead.
myUserName = cpystr (cuserid (NIL));
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.c:161:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...)
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.h:30:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONFILE(t) sprintf (t,"%s\\SUBSCRIPTIONS.TXT",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.h:31:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONTEMP(t) sprintf (t,"%s\\SUBSCRIPTIONS.TMP",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.h:60:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...);
data/uw-imap-2007f~dfsg/src/osdep/vms/os_vms.c:68:7: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
char *getpass (const char *prompt)
data/uw-imap-2007f~dfsg/src/osdep/vms/os_vms.h:50:7: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
char *getpass (const char *prompt);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:80:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't connect to %.80s,%lu: %s",host,port,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:100:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,host+1); /* yes, copy number part */
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:104:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,host); /* hostname is user's argument */
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:115:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,host); /* in case host is in write-protected memory */
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:120:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,host_name->h_name);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:132:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Unable to create TCP socket: %s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:149:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't connect to %.80s,%d: %s",hostname,port,
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:467:43: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else return (he = gethostbyname (lcase (strcpy (host,name)))) ?
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsn.c:53:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (tmp,"Can't connect to %.80s,%s: no TCP",host,service);
data/uw-imap-2007f~dfsg/src/osdep/wce/dummywce.c:213:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Not a mailbox: %s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/wce/dummywce.c:298:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't append to %s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:86:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s\\NEWSRC",myhomedir ());
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:137:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,prefix,days[t->tm_wday]);
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:141:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date,fmt,t->tm_mday,months[t->tm_mon],t->tm_year+1900,
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:147:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (tz && tz[0]) sprintf (date + strlen (date)," (%s)",tz);
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:214:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path,"%s%s",homeDrive (),s);
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:238:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s\\INBOX",myhomedir ());
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:264:56: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if ((*name == '\\') || (name[1] == ':')) return strcpy (dst,name);
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:266:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dst,"%s\\%s",dir,name);
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:288:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...)
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.h:30:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONFILE(t) sprintf (t,"%s\\MAILBOX.LST",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.h:31:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define SUBSCRIPTIONTEMP(t) sprintf (t,"%s\\MAILBOX.TMP",myhomedir ())
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.h:70:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog (int priority,const char *message,...);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:134:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp,host+1); /* yes, copy number part */
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:143:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,host);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:156:38: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!(he = gethostbyname (lcase (strcpy (tmp,host)))))
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:157:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Host not found (#%d): %s",WSAGetLastError(),host);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:164:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hostname,he->h_name);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:208:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Trying IP address [%s]",inet_ntoa (sin->sin_addr));
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:236:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Can't connect to %.80s,%ld: %s (%d)",hst,port,s,
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:735:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
ret = (he = gethostbyname (lcase (strcpy (host,name)))) ? he->h_name : name;
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:757:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"Reverse DNS resolution %s",adr);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:768:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (flag) sprintf (ret = tmp,"%s %s",t,adr);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:387:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path,sysinbox ());/* use system INBOX */
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:395:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"#driver.%s/INBOX",ds->dtb->name);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:450:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path,sysinbox ()); /* use system INBOX for unix and MMDF */
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:463:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"#driver.%s/INBOX",ds->dtb->name);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:513:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp,"%s appending to %.80s (%s %.80s)",
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:545:26: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (lstat (path,sbuf)) strcat (tmp,strerror (errno));
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1729:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(unsigned long) random (),(unsigned long) time (0),
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1797:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(unsigned long) random (),(unsigned long) time (0),
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1852:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(unsigned long) random (),(unsigned long) time (0),
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:674:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
((s = getenv ("HOME")) && *s && (strlen (s) < NETMAXMBX) &&
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:177:42: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
i = strlen (myHomeDir = cpystr ((s = getenv ("HOME")) ? s : ""));
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:226:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random ()
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:228:14: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!rndm) srand (rndm = (unsigned) time (0L));
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.h:42:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random ();
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.h:44:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define getpid random
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dbw.c:64:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!((s = getenv ("DISPLAY")) || (s = getenv ("display")))) {
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dbw.c:64:44: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!((s = getenv ("DISPLAY")) || (s = getenv ("display")))) {
data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.c:211:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random ()
data/uw-imap-2007f~dfsg/src/osdep/mac/os_mac.h:69:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random (void);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:213:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random (void)
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:215:14: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!rndm) srand (rndm = (unsigned) time (0L));
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:460:33: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
else if ((netapi || (netapi = LoadLibrary ("netapi32.dll"))) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:472:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if ((s = getenv ("USERPROFILE")) && (t = strrchr (s,'\\'))) {
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:488:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *s = getenv ("SystemDrive");
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:513:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv ("HOMEPATH"))
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:515:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(d = getenv ("HOMEDRIVE")) ? d : defaultDrive (),p);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:516:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (!(path = getenv ("HOME")))
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:672:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!((s = lockdir (lock,getenv ("windir"),"TEMP")) ||
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:674:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(s = lockdir (lock,getenv ("TEMP"),NIL)) ||
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:675:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(s = lockdir (lock,getenv ("TMP"),NIL)) ||
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:676:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(s = lockdir (lock,getenv ("TMPDIR"),NIL)) ||
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.h:65:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random ();
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.h:67:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define getpid random
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:117:17: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
if (((lib = LoadLibrary ("schannel.dll")) ||
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:118:10: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
(lib = LoadLibrary ("security.dll"))) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:129:13: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
if ((lib = LoadLibrary ("crypt32.dll")) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:116:17: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
if (((lib = LoadLibrary ("schannel.dll")) ||
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:117:10: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
(lib = LoadLibrary ("security.dll"))) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.c:231:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *s = _tempnam (getenv ("TEMP"),"msg");
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:166:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv ("PINEHOME")) || (s = getenv ("HOME")) ||
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:166:43: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv ("PINEHOME")) || (s = getenv ("HOME")) ||
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:167:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(s = getenv ("ETC"))) {
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:210:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!((s = lockdir (lock,getenv ("TEMP"),NIL)) ||
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:211:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(s = lockdir (lock,getenv ("TMP"),NIL)) ||
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:212:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(s = lockdir (lock,getenv ("TMPDIR"),NIL)) ||
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:292:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random ()
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:294:14: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!rndm) srand (rndm = (unsigned) time (0L));
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.h:34:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random (void);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:776:27: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chdir (home) || chroot (home))
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:913:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
((s = getenv ("HOME")) && *s && (strlen (s) < NETMAXMBX) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/os_aos.h:37:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv (char *name);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_art.h:47:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_art.h:47:16: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_art.h:59:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv (char *name);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_asv.h:50:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_asv.h:50:16: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_asv.h:56:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv (char *name);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_bsd.h:38:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv (char *name);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_drs.h:42:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random rand
data/uw-imap-2007f~dfsg/src/osdep/unix/os_hpp.h:44:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_hpp.h:44:16: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_isc.h:54:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_isc.h:54:16: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_ptx.h:52:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_ptx.h:52:16: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_qnx.h:62:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern long random (void);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sco.h:62:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random rand
data/uw-imap-2007f~dfsg/src/osdep/unix/os_shp.h:44:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_shp.h:44:16: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_soln.h:63:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_soln.h:63:16: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_solo.h:63:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_solo.h:63:16: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv2.h:55:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv2.h:55:16: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv2.h:93:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv (char *name);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv4.h:59:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv4.h:59:16: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random lrand48
data/uw-imap-2007f~dfsg/src/osdep/unix/os_vu2.h:65:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv (char *name);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:101:26: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
while ((fd = open (tmpnam (tmp),O_WRONLY|O_CREAT|O_EXCL,0600)) < 0)
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:829:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv (t = "SSH_CLIENT")) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:830:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(s = getenv (t = "KRB5REMOTEADDR")) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:831:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(s = getenv (t = "SSH2_CLIENT"))) {
data/uw-imap-2007f~dfsg/src/osdep/vms/os_vms.h:47:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random rand
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsn.c:200:43: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!myLocalHost) myLocalHost = cpystr (getenv ("SYS$NODE"));
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:175:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random ()
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:177:14: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!rndm) srand (rndm = (unsigned) time (0L));
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:188:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return ((s = getenv ("SystemDrive")) && *s) ? s : "C:";
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:199:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return ((s = getenv ("HOMEDRIVE")) && *s) ? s : defaultDrive ();
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:212:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!((s = getenv ("HOMEPATH")) && (i = strlen (s)))) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.h:43:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random ();
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.h:47:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define getpid random
data/uw-imap-2007f~dfsg/src/ansilib/memmove.c:38:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (ct,s,n); /* they should have this one */
data/uw-imap-2007f~dfsg/src/ansilib/memmove2.c:43:61: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
((dest > src) && ((src + n) < dest))) return (void *) memcpy (s,ct,n);
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp,resp.value,4);
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:319:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:363:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (resp.value = tmp,(void *) &maxsize,resp.length = 4);
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:373:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp,chal.value,chal.length) &&
data/uw-imap-2007f~dfsg/src/c-client/auth_log.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwd[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:38:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MD5BLKLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwd[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:115:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pwd,"%.65s %.33s",user,hmac_md5 (challenge,clen,
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p,*u,*user,*authuser,*hash,chal[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:189:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open (MD5ENABLE,O_RDONLY,NIL);
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*authuser,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:234:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[MD5DIGLEN];
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:243:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%.128s%.128s",chal,s);
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:278:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hshbuf[2*MD5DIGLEN + 1];
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:282:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[MD5DIGLEN],k_ipad[MD5BLKLEN+1],k_opad[MD5BLKLEN+1];
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:290:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (k_ipad,key,kl); /* store key in pads */
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:292:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (k_opad,k_ipad,MD5BLKLEN+1);
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:370:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ctx->ptr,data,i); /* fill up 64 byte chunk */
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:374:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ctx->ptr,data,len); /* copy final bit of data in buffer */
data/uw-imap-2007f~dfsg/src/c-client/auth_pla.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *u,pwd[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[IMAPTMPLEN]; /* temporary buffer */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:496:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:527:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,prefix[MAILTMPLEN],mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:677:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbx[MAILTMPLEN],mbx2[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:723:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:743:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (flags & SA_MESSAGES) strcat (tmp," MESSAGES");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:744:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (flags & SA_RECENT) strcat (tmp," RECENT");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:745:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (flags & SA_UNSEEN) strcat (tmp," UNSEEN");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:746:29: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (flags & SA_UIDNEXT) strcat (tmp," UIDNEXT");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:747:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (flags & SA_UIDVALIDITY) strcat (tmp," UIDVALIDITY");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:790:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN],usr[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:958:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp),":%lu",i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:959:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,"/imap");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:960:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->tlsflag) strcat (tmp,"/tls");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:961:27: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->tlssslv23) strcat (tmp,"/tls-sslv23");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:962:27: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->notlsflag) strcat (tmp,"/notls");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:963:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->sslflag) strcat (tmp,"/ssl");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:964:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->novalidate) strcat (tmp,"/novalidate-cert");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:965:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->loser) strcat (tmp,"/loser");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:966:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (stream->secure) strcat (tmp,"/secure");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:967:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (stream->rdonly) strcat (tmp,"/readonly");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:968:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (stream->anonymous) strcat (tmp,"/anonymous");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1005:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,"<no_mailbox>");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1030:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1071:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[16];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1074:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tag,"%08lx",0xffffffff & (stream->gensym++));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[16];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1139:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tag,"%08lx",0xffffffff & (stream->gensym++));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1170:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can not authenticate to IMAP server: %.80s",lsterr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1250:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"IMAP SERVER BUG (invalid challenge): %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1391:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (last != start) sprintf (t,":%lu,%lu",last,i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1392:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (t,",%lu",i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1402:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"%lu",start = last = i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1408:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (last != start) sprintf (t,":%lu",last);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,seq[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1460:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s = seq,"%lu",msgno);/* initial sequence */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1519:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s += strlen (s),",%lu",i++);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1523:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s += strlen (s),",%lu:%lu",i,x);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1537:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s += strlen (s),",%lu",i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1547:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,",%lu",i); /* append message */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1552:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i != --j) sprintf (s + strlen (s),":%lu",i = j);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1566:51: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!elt->private.uid && LEVELIMAP4 (stream)) strcpy (tmp," UID");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1570:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp," ENVELOPE"); /* yes, get it and possible extra poop */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1582:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!elt->day) strcat (tmp," INTERNALDATE");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1583:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!elt->rfc822_size) strcat (tmp," RFC822.SIZE");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1586:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp," FLAGS)"); /* always get current flags */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1634:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,tmp[MAILTMPLEN],partial[40],seq[40];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1643:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (seq,"%lu:%lu",msgno,
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1678:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (first || last) sprintf (partial,"<%lu.%lu>",first,last ? last:-1);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1709:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tmp+(t-section),".0");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1784:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
text.data = memcpy (fs_get (text.size+1),
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1859:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
text.data = memcpy (fs_get (text.size+1),elt->private.msg.text.text.data,
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1878:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,seq[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1887:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (seq,"%lu",msgno);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1893:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,",%lu",i); /* append message */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1898:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i != --j) sprintf (s + strlen (s),":%lu",i = j);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1918:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1936:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (seq,"%lu",uid);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2090:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"%lu",j = i);/* output message number */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2098:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,":%lu",i); /* output delimiter and end of range */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2222:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (last != start) sprintf (t,":%lu,%lu",last,i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2223:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (t,",%lu",i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2233:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"%lu",start = last = i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2239:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (last != start) sprintf (t,":%lu",last);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2407:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"%lu",mail_uid (stream,j = i));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2412:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,":%lu",mail_uid (stream,i));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2487:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2560:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access referral server: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2606:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3003:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,*t,tag[10];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3006:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tag,"%08lx",0xffffffff & (stream->gensym++));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3026:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"%lu",(unsigned long) arg->text);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datetmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3225:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s," %lu",list->text.size);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3331:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (*s,"{%lu}",i); /* write literal count */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3400:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (*s," LARGER %lu",pgm->larger);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3404:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (*s," SMALLER %lu",pgm->smaller);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3437:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (*s," OLDER %lu",pgm->older);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3441:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (*s," YOUNGER %lu",pgm->younger);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3566:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (*s,"%lu",set->first);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3574:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (*s,"%lu",set->last);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3581:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (start," OR",3);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3701:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unexpected tagged response: %.80s %.80s %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3742:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Missing IMAP reply key: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3803:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"IMAP protocol error: %.80s",(char *) reply->text);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3806:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (LOCAL->tmp,"Unexpected IMAP response: %.80s %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3828:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unexpected untagged message: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3877:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Bogus date: %.80s",(char *) s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3905:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Body received for %lu but current is %lu",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3934:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unterminated section: %.80s",md.what);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3937:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Bogus header field list: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3940:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unterminated header section: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3950:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unterminated partial data: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3954:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk after section: %.80s",(char *) s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3975:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unknown body message property: %.80s",prop);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4006:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unknown RFC822 message property: %.80s",prop);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4012:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unknown message property: %.80s",prop);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4023:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unknown message data: %lu %.80s",msgno,(char *) s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4036:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Too many server flags, discarding: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4066:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
do if ((i = atol (t)) && (LOCAL->filter ?
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4083:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk at end of thread: %.80s",(char *) s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4186:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk after namespace list: %.80s",(char *) s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4253:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Invalid ACL identifer/rights for %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4281:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Invalid optional LISTRIGHTS for %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4295:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Missing LISTRIGHTS rights for %.80s",(char *) t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4302:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Missing LISTRIGHTS identifer for %.80s",(char *) t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4315:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk after MYRIGHTS for %.80s",(char *) t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4323:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Missing MYRIGHTS for %.80s",(char *) t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4334:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Bad quota resource list for %.80s",(char *) t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4374:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Bad quota root list for %.80s",(char *) t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4418:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unexpected untagged message: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4568:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Missing delimiter in namespace: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4593:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4604:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Missing values for namespace attribute %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4613:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk at end of namespace: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4625:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Not a namespace: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4677:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4678:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bogus thread member: %.80s",s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4772:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk at end of envelope: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4784:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Not an envelope: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4812:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk at end of address list: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4825:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Not an address: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4861:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk at end of address: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4892:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk in start of group: pn=%.80s al=%.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4918:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Not an address: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5030:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Not an atom: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5077:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Invalid CHAR in quoted string: %x",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5117:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Absurd server literal length %lu",i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5153:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Not a string: %c%.80s",c,(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5215:61: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for (t = seg; *t && !((*t == '.') && (isalpha(t[1]) || !atol (t+1))); t++);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5218:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown section number: %.80s",seg);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5248:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown section specifier: %.80s.%.80s",seg,t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5318:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk at end of multipart body: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5414:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk at end of body part: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5428:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Bogus body structure: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5464:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Missing value for parameter %.80s",par->attribute);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5477:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk at end of parameter: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5488:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Bogus body parameter: %c%.80s",c,
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5514:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Junk at end of disposition: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5528:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unknown body disposition: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5579:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Bogus string list member: %.80s",(char *) t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5635:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->tmp,"Unknown extension token: %.80s",(char *) *txtptr);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:343:61: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (stream && stream->dtb && (stream != ((*stream->dtb->open) (NIL))))
data/uw-imap-2007f~dfsg/src/c-client/mail.c:668:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:738:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,*t,*v,tmp[MAILTMPLEN],arg[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:834:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (mb->service,"imap");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:836:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (mb->service,"pop3");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:845:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!*mb->mailbox) strcpy (mb->mailbox,"INBOX");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:865:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:866:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid LIST reference specification: %.80s",ref);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:871:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:872:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid LIST pattern specification: %.80s",pat);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:900:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:901:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid LIST reference specification: %.80s",ref);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:906:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:907:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid LIST pattern specification: %.80s",pat);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:933:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:934:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid LSUB reference specification: %.80s",ref);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:939:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:940:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid LSUB pattern specification: %.80s",pat);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:993:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1032:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: bad driver syntax",mailbox);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1039:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: unknown driver",mailbox);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1051:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: indeterminate format",mailbox);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1089:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1099:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename %.80s: mailbox %.80s already exists",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1218:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"{%.255s",mb.host);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1219:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (mb.port) sprintf (tmp + strlen (tmp),":%lu",mb.port);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1220:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (mb.user[0]) sprintf (tmp + strlen (tmp),"/user=%.64s",mb.user);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1221:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.dbgflag) strcat (tmp,"/debug");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1222:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.secflag) strcat (tmp,"/secure");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1223:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.tlsflag) strcat (tmp,"/tls");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1224:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.notlsflag) strcat (tmp,"/notls");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1225:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.sslflag) strcat (tmp,"/ssl");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1226:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.trysslflag) strcat (tmp,"/tryssl");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1227:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.novalidate) strcat (tmp,"/novalidate-cert");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1228:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,"/pop3/loser}");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1242:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%.80s",name+8);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1246:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't resolve mailbox %.80s: bad driver syntax",name);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1251:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (d) return (*d->open) (NIL);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1252:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't resolve mailbox %.80s: unknown driver",name);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1278:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (options & OP_PROTOTYPE) return (*d->open) (NIL);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1300:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Closing connection to %.80s",mb.host);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1339:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ((*d->open) (stream)) ? stream : mail_close (stream);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1426:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1427:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad msgno %lu in mail_elt, nmsgs = %lu, mbx=%.80s",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1568:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
hdr = (char *) memcpy (fs_get ((size_t) hdrsize+1),s,(size_t) hdrsize);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1606:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence[20];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1624:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sequence,"%lu",elt->msgno);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1673:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
s = (char *) memcpy (fs_get ((size_t) i),u,(size_t) i);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1680:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1681:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Calculated RFC822.SIZE (%lu) != reported size (%lu)",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1685:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (t->data,s,(size_t) i);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1687:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (u,bs.curpos,bs.cursize);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1722:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1748:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (tmp,"HEADER");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1832:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tmp,"TEXT");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1868:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1932:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1949:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ht.data = (unsigned char *) mail_fetch_header (stream,msgno,
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2011:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2031:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tmp,"TEXT");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2160:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&md->stream->private.string,bs,sizeof (STRING));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer,s->curpos,i = min (s->cursize,size));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2264:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2273:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (t = tmp,"%.256s@%.256s",adr->mailbox,adr->host);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2274:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s,t,(size_t) min (length,(long) strlen (t)));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2415:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*f,tmp[MAILTMPLEN],flags[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2436:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",n);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2442:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->seen) strcat (flags," \\Seen");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2443:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (flags," \\Flagged");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2444:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (flags," \\Answered");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2445:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (flags," \\Draft");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2467:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2589:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2605:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't append to mailbox %.80s: bad driver syntax",mailbox);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2611:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't append to mailbox %.80s: unknown driver",mailbox);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2844:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3121:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox has more messages (%lu) exist than maximum (%lu)",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3145:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Non-existent recent message(s) %lu, nmsgs=%lu",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3162:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Expunge of non-existent message %lu, nmsgs=%lu",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3197:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Lock when already locked, mbx=%.80s",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3361:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,*e,*t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3419:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3473:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i == elt->msgno) sprintf (tmp,"%lu",elt->msgno);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3474:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"%lu:%lu",elt->msgno,i);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3720:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,sect[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3881:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[SENDBUFLEN + 1];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3903:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (txt.data + txt.size,tmp,k);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3935:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN+SEARCHSLOP+1];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3980:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *criterion,*r,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4056:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown search criterion: %.30s",criterion);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4292:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,*v,*x,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4315:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4326:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4358:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4872:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4898:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",mail_uid (stream,s->num));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4900:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp),":%lu",mail_uid (stream,sc[j]->num));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4925:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",s->num);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5428:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,*n,*s,tmp[MAILTMPLEN],msg[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5452:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (msg,"Unsupported system flag: %.80s",t);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5473:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (msg,"Invalid flag: %.80s",t);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5485:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (*t) sprintf (msg,"Unknown flag: %.80s",t);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5486:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (msg,"Empty flag invalid");
data/uw-imap-2007f~dfsg/src/c-client/mail.c:6181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/mail.c:6184:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid host name: %.80s",mb->host);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:6232:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (tstream = (*dv->open) (host,service,port | flags)) {
data/uw-imap-2007f~dfsg/src/c-client/mail.h:648:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[NETMAXHOST]; /* host name (may be canonicalized) */
data/uw-imap-2007f~dfsg/src/c-client/mail.h:649:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orighost[NETMAXHOST]; /* host name before canonicalization */
data/uw-imap-2007f~dfsg/src/c-client/mail.h:650:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[NETMAXUSER]; /* user name */
data/uw-imap-2007f~dfsg/src/c-client/mail.h:651:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authuser[NETMAXUSER]; /* authentication user name */
data/uw-imap-2007f~dfsg/src/c-client/mail.h:652:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mailbox[NETMAXMBX]; /* mailbox name */
data/uw-imap-2007f~dfsg/src/c-client/mail.h:653:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service[NETMAXSRV]; /* service name */
data/uw-imap-2007f~dfsg/src/c-client/mail.h:1126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *user_flags[NUSERFLAGS]; /* pointers to user flags in bit order */
data/uw-imap-2007f~dfsg/src/c-client/mail.h:1201:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *(*open) (char *host,char *service,unsigned long port);
data/uw-imap-2007f~dfsg/src/c-client/mail.h:1475:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
MAILSTREAM *(*open) (MAILSTREAM *stream);
data/uw-imap-2007f~dfsg/src/c-client/misc.c:94:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst->data = (unsigned char *)
data/uw-imap-2007f~dfsg/src/c-client/misc.c:111:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst->data = (unsigned char *)
data/uw-imap-2007f~dfsg/src/c-client/misc.c:218:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mask[256];
data/uw-imap-2007f~dfsg/src/c-client/misc.c:219:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char alphatab[256] = {
data/uw-imap-2007f~dfsg/src/c-client/misc.c:268:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mask[256];
data/uw-imap-2007f~dfsg/src/c-client/netmsg.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/netmsg.c:61:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
FILE *f = tmpfile ();
data/uw-imap-2007f~dfsg/src/c-client/netmsg.c:63:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/uw-imap-2007f~dfsg/src/c-client/netmsg.c:64:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f = fopen (tmp,"wb+")) unlink (tmp);
data/uw-imap-2007f~dfsg/src/c-client/netmsg.c:66:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/c-client/netmsg.c:91:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error writing scratch file at byte %lu",*size);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:79:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen (newsrc,"wb");
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*lcl,name[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:155:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen ((char *) mail_parameters (stream,GET_NEWSRC,stream),"rb");
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:192:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen (newsrc,"r+b");
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,nl[3];
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:254:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:258:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen ((char *) mail_parameters (stream,GET_NEWSRC,stream),"rb");
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:292:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bogus character 0x%x in news state",(unsigned int)c);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:309:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"No state for newsgroup %.80s found, reading as new",group);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:323:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"[UNSEEN] %lu is first unseen message in %.80s",unseen,group);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:340:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN],backup[MAILTMPLEN],nl[3];
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:343:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f = fopen (newsrc,"rb")) {/* have existing newsrc file? */
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:344:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(bf = fopen ((strcat (strcpy (backup,newsrc),OLDFILESUFFIX)),"wb"))) {
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:374:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(bf = fopen (backup,"rb")))
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:378:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(f = fopen (newsrc,"wb"))) {
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:451:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen ((char *) mail_parameters (stream,GET_NEWSRC,stream),"rb");
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:475:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"No state for newsgroup %.80s found",group);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:318:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*lcl,pattern[MAILTMPLEN],name[MAILTMPLEN],wildmat[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:384:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:456:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:508:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*name,*state,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:540:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"NNTP SERVER BUG (impossible message count): %lu > %lu",
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:565:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (((k = atol (s)) >= i) && (k < status.uidnext)) {
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:621:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu-%lu",first,last);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:646:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*mbx,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:679:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hostlist[2];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:682:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp),":%lu",mb.port ? mb.port : nntp_port);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:683:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.tlsflag) strcat (tmp,"/tls");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:684:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.tlssslv23) strcat (tmp,"/tls-sslv23");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:685:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.notlsflag) strcat (tmp,"/notls");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:686:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.sslflag) strcat (tmp,"/ssl");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:687:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.novalidate) strcat (tmp,"/novalidate-cert");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:688:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.loser) strcat (tmp,"/loser");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:689:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.secflag) strcat (tmp,"/secure");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:705:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"NNTP SERVER BUG (impossible message count): %lu > %lu",
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:747:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->tlsflag) strcat (tmp,"/tls");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:748:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->tlssslv23) strcat (tmp,"/tls-sslv23");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:749:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->notlsflag) strcat (tmp,"/notls");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:750:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->sslflag) strcat (tmp,"/ssl");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:751:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->novalidate) strcat (tmp,"/novalidate-cert");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:752:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->nntpstream->loser) strcat (tmp,"/loser");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:753:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (stream->secure) strcat (tmp,"/secure");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:754:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (stream->rdonly) strcat (tmp,"/readonly");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:756:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (stream->halfopen) strcat (tmp,"}<no_mailbox>");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:777:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((k = atol (s)) > j){/* discard too high article numbers */
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:778:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"NNTP SERVER BUG (out of range article ID): %lu > %lu",
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:909:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,*t,*v,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:933:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((uid = atol (s)) && (k = mail_msgno (stream,uid)) &&
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:940:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Server returned data for unknown UID %lu",uid);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:964:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse overview for UID %lu: %.500s",uid,s);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1060:28: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ov->optional.octets = atol (t);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1064:29: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ov->optional.lines = atol (++t);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1088:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1095:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",mail_uid (stream,msgno));
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1148:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",elt->private.uid);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,*t,*v,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1507:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (start != last) sprintf (tmp,"%lu-%lu",start,last);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1508:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"%lu",start);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1516:35: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((i = mail_msgno (stream,atol (s))) &&
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1533:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r->size = atol (++v);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1663:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1669:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"{%.200s/%.20s}",*hostlist,service ? service : "nntp");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1671:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid host specifier: %.80s",*hostlist);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1727:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to negotiate TLS with this server: %.80s",mb.host);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1885:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,path[MAILTMPLEN],tmp[SENDBUFLEN+1];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1929:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected NNTP posting reply code %ld",ret);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1979:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (s,"\015\012");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1997:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1999:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"{%.200s/nntp",(long) mail_parameters (NIL,GET_TRUSTDNS,NIL) ?
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2005:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,"/ssl");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2006:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,"}<none>");
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2022:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],usr[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2064:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can not authenticate to NNTP server: %.80s",lsterr);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2126:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"NNTP SERVER BUG (invalid challenge): %.80s",stream->reply+4);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2178:30: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return stream->replycode = atol (stream->reply);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:249:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (strchr (strcpy (tmp,ref),'}')+1,"INBOX");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:254:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (strchr (strcpy (tmp,pat),'}')+1,"INBOX");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:268:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,tmp[MAILTMPLEN],usr[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:420:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"{%.200s:%lu/pop3",
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:424:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.tlsflag) strcat (tmp,"/tls");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:425:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.tlssslv23) strcat (tmp,"/tls-sslv23");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:426:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.notlsflag) strcat (tmp,"/notls");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:427:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.sslflag) strcat (tmp,"/ssl");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:428:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mb.novalidate) strcat (tmp,"/novalidate-cert");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:429:36: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (LOCAL->loser = mb.loser) strcat (tmp,"/loser");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:430:27: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (stream->secure) strcat (tmp,"/secure");
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:517:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
((s && !compare_cstring (s,"USER")) ? -atoi (args) : atoi (args));
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:517:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
((s && !compare_cstring (s,"USER")) ? -atoi (args) : atoi (args));
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:528:3: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
-atoi (args) : atoi (args);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:528:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
-atoi (args) : atoi (args);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:615:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pwd,"Retrying using %.80s authentication after %.80s",
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:646:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pwd,"Can not authenticate to POP3 server: %.80s",t);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:694:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:701:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"POP3 SERVER BUG (invalid challenge): %.80s",LOCAL->reply);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:828:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:837:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"TOP %lu 0",mail_uid (stream,msgno));
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:943:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:969:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:1022:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:1023:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",mail_uid (stream,n));
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:1046:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (s,"\015\012");
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:63:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *body_types[TYPEMAX+1] = {
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:69:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *body_encodings[ENCMAX+1] = {
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:604:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"MIME type table overflow: %.100s",s);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:613:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown MIME type: %.100s",s);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:645:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"MIME encoding table overflow: %.100s",s);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:654:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown MIME transfer encoding: %.100s",s);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:674:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:700:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Missing parameter value: %.80s",param->attribute);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:708:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected characters at end of parameters: %.80s",text);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:722:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:762:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!*string) strcpy (tmp,"Missing address after comma");
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:763:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"Invalid mailbox list: %.80s",string);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:814:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:850:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected characters after address in group: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:861:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid group mailbox list: %.80s",*string);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:942:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:970:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unterminated at-domain-list: %.80s%.80s",adl,t);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:988:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unterminated mailbox: %.80s@%.80s",adr->mailbox,
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1330:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unterminated comment: %.80s",*s);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1372:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf->cur,string,i);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1727:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN]; /* make cookie not in BASE64 or QUOTEPRINT*/
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1728:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu-%lu-%lu=:%lu",(unsigned long) gethostid (),
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1795:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN]; /* make cookie not in BASE64 or QUOTEPRINT*/
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1796:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu-%lu-%lu=:%lu",(unsigned long) gethostid (),
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1843:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cookie,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1851:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (cookie = tmp,"%lu-%lu-%lu=:%lu",(unsigned long) gethostid (),
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1894:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1898:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char decode[256] = {
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1959:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Possible data truncation in rfc822_base64(): %.80s",
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:2041:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:2074:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid quoted-printable sequence: =%.80s",
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:2342:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[SENDBUFLEN+1]; /* client to give us a big enough one */
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:2363:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[SENDBUFLEN+1];
data/uw-imap-2007f~dfsg/src/c-client/smanager.c:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,db[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/smanager.c:46:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f = fopen (db,"r")) { /* make sure not already there */
data/uw-imap-2007f~dfsg/src/c-client/smanager.c:50:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Already subscribed to mailbox %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/c-client/smanager.c:58:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen (db,"a"))) { /* append new entry */
data/uw-imap-2007f~dfsg/src/c-client/smanager.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN],old[MAILTMPLEN],newname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/smanager.c:80:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen (old,"r"))) /* open subscription database */
data/uw-imap-2007f~dfsg/src/c-client/smanager.c:82:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(tf = fopen (newname,"w"))) {
data/uw-imap-2007f~dfsg/src/c-client/smanager.c:96:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not subscribed to mailbox %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/c-client/smanager.c:110:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sbname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/smanager.c:119:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f = fopen (sbname,"r")) *sdb = (void *) f;
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:155:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"{%.1000s}",*hostlist);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:158:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid host specifier: %.80s",*hostlist);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:168:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (mb.service,"submission");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:190:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"SMTP greeting failure: %.80s",stream->reply);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:197:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"SMTP hello failure: %.80s",stream->reply);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:216:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to negotiate TLS with this server: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:226:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"SMTP EHLO failure after STARTTLS: %.80s",
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:234:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"TLS unavailable with this server: %.80s",mb.host);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usr[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:331:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can not authenticate to SMTP server: %.80s",lsterr);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:353:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"SMTP SERVER BUG (invalid challenge): %.80s",stream->reply+4);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[SENDBUFLEN+1];
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:454:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tmp,"FROM:<"); /* compose "MAIL FROM:<return-path>" */
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:473:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp," BODY=8BITMIME");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:477:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp)," ENVID=%.100s",ESMTP.dsn.envid);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[2*MAILTMPLEN],orcpt[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:564:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tmp,"TO:<"); /* compose "RCPT TO:<return-path>" */
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:575:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp," NOTIFY=");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:577:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ESMTP.dsn.notify.failure) strcat (s,"FAILURE,");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:578:32: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ESMTP.dsn.notify.delay) strcat (s,"DELAY,");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:579:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ESMTP.dsn.notify.success) strcat (s,"SUCCESS,");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:582:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat (tmp,"NEVER");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:584:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (orcpt,"%.498s;%.498s",
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:587:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp)," ORCPT=%.500s",orcpt);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:623:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (s,"\015\012");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:651:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reply = atol (stream->reply);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:670:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*r,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:676:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,"\015\012");
data/uw-imap-2007f~dfsg/src/c-client/sslio.h:32:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SSLSTREAM *(*open) (char *host,char *service,unsigned long port);
data/uw-imap-2007f~dfsg/src/c-client/sslio.h:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[SSLBUFLEN]; /* output buffer */
data/uw-imap-2007f~dfsg/src/c-client/utf8.c:2240:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mark[6] = {0x00,0xc0,0xe0,0xf0,0xf8,0xfc};
data/uw-imap-2007f~dfsg/src/c-client/utf8aux.c:147:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst->data = (unsigned char *) fs_get (dsize),src->data,
data/uw-imap-2007f~dfsg/src/charset/widths.c:39:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char ucs4_widthtab[32768] = {
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:78:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk[CHUNKLEN];
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:162:65: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (s[2] && ((s[2] == '-') || isdigit (s[2]))) precedence = atol (s + 2);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:164:20: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
precedence = atol (s);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:172:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
else if (!(f = tmpfile ())) _exit(fail ("can't make temp file",EX_TEMPFAIL));
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*mailbox,tmp[MAILTMPLEN],path[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:237:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"delivering to %.80s+%.80s",user,mailbox ? mailbox : "INBOX");
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:250:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"invalid mailbox name %.80s+%.80s",user,mailbox);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:271:35: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(s = strstr (path,"&&&&&")) && strcpy (s,"INBOX") &&
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:304:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"attempting to create mailbox %.80s path %.80s",mailbox,path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:308:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"created %.80s",path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:323:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:338:39: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(s = strstr (path,"&&&&&")) && strcpy (s,"INBOX")) ? T : NIL;
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:365:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WARNING: directory %.80s is listable",path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:371:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WARNING: multiple links to file %.80s",path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:375:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WARNING: file %.80s is executable",path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:380:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WARNING: file %.80s is publicly-writable",path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:384:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WARNING: file %.80s is publicly-readable",path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:396:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (flagseen) sprintf (flags = tmp,"\\Seen %.1000s",keywords);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:402:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"message delivery failed to %.80s",path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:406:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"delivered to %.80s",path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:422:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Verifying safe delivery to %.80s",path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:425:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"delivery to %.80s unsafe: ",path);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:433:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (sbuf->st_mode & S_ISUID) strcat (tmp,"setuid file");
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:435:39: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (sbuf->st_mode & S_ISGID) strcat (tmp,"setgid file");
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:438:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case S_IFCHR: strcat (tmp,"character special"); break;
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:439:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case S_IFBLK: strcat (tmp,"block special"); break;
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:440:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case S_IFLNK: strcat (tmp,"symbolic link"); break;
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:441:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case S_IFSOCK: strcat (tmp,"socket"); break;
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:443:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp),"file type %07o",(unsigned int) type);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:564:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:237:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmdbuf[CMDLEN]; /* command buffer */
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:251:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *litstk[LITSTKLEN]; /* stack to hold literals */
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:293:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *s,*t,*u,*v,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:322:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proxy[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:323:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *nntp = fopen (NNTPFILE,"r");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:616:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tmp,"\\Answered \\Flagged \\Deleted \\Draft \\Seen");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:981:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"{%.300s/nntp}%.300s",nntpproxy,(char *) s+6);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1148:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp)," MESSAGES %lu",stream->nmsgs);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1150:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp)," RECENT %lu",stream->recent);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1154:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp)," UNSEEN %lu",unseen);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1157:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp)," UIDNEXT %lu",stream->uid_last+1);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1159:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen(tmp)," UIDVALIDITY %lu",
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1162:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,")\015\012");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1168:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"{%.300s/nntp}%.300s",nntpproxy,(char *) s+6);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1327:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"* OK Timeout in %lu minutes\015\012",
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1333:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"* %lu EXISTS\015\012* %lu RECENT\015\012",
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1355:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"* %lu EXPUNGE\015\012",donefake--);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1358:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"* %lu EXISTS\015\012* %lu RECENT\015\012",
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1440:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"[%.80sUID %lu ",(char *)
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1511:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1581:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"1:%lu",nmsgs);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1630:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
!(alf = fopen (file,"r"))) return oldtime;
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1849:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,buf[8*MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1855:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (buf,O_WRONLY | O_CREAT | O_TRUNC,0666)) >= 0) {
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1910:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[256];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2004:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msg[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2130:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char base64mask[256] = {
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2212:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cur->text.data,t,i);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2590:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((*string)->text.data,s,i);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2642:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (t,"(FLAGS INTERNALDATE RFC822.SIZE ENVELOPE)");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2644:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (t,"(FLAGS INTERNALDATE RFC822.SIZE ENVELOPE BODY)");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2645:32: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strcmp (t,"FAST")) strcpy (t,"(FLAGS INTERNALDATE RFC822.SIZE)");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3005:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cst.data) memcpy ((void *) &st,(void *) &cst,sizeof (SIZEDTEXT));
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3026:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (st.size) sprintf (tmp + strlen (tmp),"{%lu}\015\012",st.size);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3027:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat (tmp,"\"\"");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3099:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (tmp,"BODY[TEXT]");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3132:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fs_get (st->size + 1),st->data,st->size);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3161:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3218:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3257:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
hdr.data = (unsigned char *) memcpy (fs_get (hdr.size),s,hdr.size);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3294:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3297:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3389:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pstring ((char *) body_types[body->type]);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3399:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pstring ((char *) body_encodings[body->encoding]);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3458:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pstring ((char *) body_types[body->type]);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3468:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pstring ((char *) body_encodings[body->encoding]);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3562:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3563:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3730:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (ta->first || ta->last) sprintf (id + strlen (id),"<%lu>",ta->first);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3924:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pattern,"Invalid reference specification: %.80s",ref);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3929:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pattern,"Invalid pattern specification: %.80s",pat);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3934:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pattern,"{%.300s/nntp}",nntpproxy);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3962:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *t,resp[RESPBUFLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4011:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4039:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Cross-format (%.80s -> %.80s) COPY completed",
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4061:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4070:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",md->msgno);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4075:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->seen) strcat (s," \\Seen");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4076:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->deleted) strcat (s," \\Deleted");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4077:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (s," \\Flagged");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4078:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (s," \\Answered");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4079:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (s," \\Draft");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4315:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4318:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp)," MESSAGES %lu",status->messages);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4320:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp)," RECENT %lu",status->recent);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4322:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp)," UNSEEN %lu",status->unseen);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4324:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp)," UIDNEXT %lu",status->uidnext);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4326:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen(tmp)," UIDVALIDITY %lu",status->uidvalidity);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4358:42: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (attributes & LATT_NOINFERIORS) strcat (tmp," \\NoInferiors");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4359:39: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (attributes & LATT_NOSELECT) strcat (tmp," \\NoSelect");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4360:37: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (attributes & LATT_MARKED) strcat (tmp," \\Marked");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4361:39: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (attributes & LATT_UNMARKED) strcat (tmp," \\UnMarked");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4362:42: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (attributes & LATT_HASCHILDREN) strcat (tmp," \\HasChildren");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4363:44: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (attributes & LATT_HASNOCHILDREN) strcat (tmp," \\HasNoChildren");
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:68:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status[MAILTMPLEN]; /* space for status string */
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[TMPLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:128:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (logout = cmdbuf,"%.80s while reading line",e);
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMPLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:314:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"{%.128s/user=%.128s}INBOX",u,user);
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:359:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"1:%lu",j); /* fetch fast information for all messages */
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:452:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMPLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:458:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",msg[current++]);
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:471:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[TMPLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:477:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",msg[current]);
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:617:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:620:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (logout = tmp,"Mailbox closed (%.80s)",string);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char challenge[128]; /* challenge */
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:132:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (challenge,"<%lx.%lx@%.64s>",(unsigned long) getpid (),
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:169:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (logout = tmp,"%.80s, while reading line",e);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:316:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"+OK %lu %lu\015\012",j,k);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:323:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"+OK %lu %lu\015\012",i,
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:333:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu %lu\015\012",i,
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:345:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"+OK %lu %08lx%08lx\015\012",i,stream->uid_validity,
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:355:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu %08lx%08lx\015\012",i,stream->uid_validity,
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:371:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"+OK %lu octets\015\012",
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:427:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"+OK %lu\015\012",last);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:506:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (k) sprintf (s,",%lu:%lu",i,k);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:507:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (s,",%lu",i);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:521:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (k) sprintf (s,",%lu:%lu",i,k);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:522:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (s,",%lu",i);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:654:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:681:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"{%.128s/user=%.128s}INBOX",host,user);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:704:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *t,resp[RESPBUFLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:705:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:731:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (logout = tmp,"%.80s, while reading authentication",e);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:747:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (logout = tmp,"%.80s, while reading auth char",e);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:770:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:781:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"1:%lu",j); /* fetch fast information for all messages */
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:795:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"+OK Mailbox open, %lu messages\015\012",nmsgs);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:982:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:985:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (logout = tmp,"Mailbox closed (%.80s)",string);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,*dp,*t,*t1,tmp[MAILTMPLEN],mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:315:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (last != start) sprintf (t,":%lu,%lu",last,m);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:317:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (t,",%lu",m);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:328:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"%lu",start = last = m);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:333:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (last != start) sprintf (t,":%lu",last);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:354:20: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
else if (!(f = tmpfile ())) puts ("can't open temporary file");
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *criterion,*r,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:537:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown search criterion: %.30s",criterion);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:581:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:658:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"1:%lu",ap.msgmax);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:664:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"1:%lu",ap.msgno);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:695:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,*t1,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:707:56: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ((elt = mail_elt (ap->stream,ap->msgno))->seen) strcat (t," \\Seen");
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:708:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->deleted) strcat (t," \\Deleted");
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:709:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (t," \\Flagged");
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:710:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (t," \\Answered");
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:711:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (t," \\Draft");
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:885:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:890:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (*mb->user) strcat (s = tmp,"} password:");
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*dir,*file,*lock,*hitch,tmp[1024];
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:96:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (fstat (atoi (argv[1]),&fsb)) return die ("fstat failure",errno);
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:127:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ld = open (hitch,O_WRONLY|O_CREAT|O_EXCL,LOCKPROTECTION)) >= 0) {
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:147:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ld = open (lock,O_WRONLY|O_CREAT|O_EXCL,LOCKPROTECTION)) >= 0) {
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char personalname[MAILTMPLEN]; /* user's personal name */
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:170:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (arg) last = atoi (arg);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:187:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (arg) last = atoi (arg);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:194:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (arg,"%lu",last);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:202:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parms[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:247:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!(last = atoi (arg))) {
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:262:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (arg) last = atoi (arg);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:312:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (arg) last = atoi (arg);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:347:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (arg) last = atoi (arg);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:354:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (arg,"%lu",last);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:393:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:403:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp+5,"%4lu) ",elt->msgno);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:414:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp+18,t,(size_t) min (20,(long) strlen (t)));
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:423:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,"} ");
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:425:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp),"%.25s (%lu chars)",
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:449:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp+5,"%4lu) ",cache->msgno);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:461:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,"} ");
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:464:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (t += strlen (t)," (%lu chars)",cache->rfc822_size);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:476:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:499:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s += strlen (s)," (%lu lines)",body->size.lines);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:502:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s += strlen (s)," (%lu bytes)",body->size.bytes);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:525:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,date[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:734:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:741:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (*mb->user) strcat (s = tmp,"} password:");
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:786:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:824:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (text,"\015\012");
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,test[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,test[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:251:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"CLIENT BUG DETECTED: subscribe of non-mailbox directory %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:257:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't subscribe %.80s: not a mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],path[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:288:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dt = mail_parameters ((*drivers->open) (NIL),GET_DIRFMTTEST,NIL);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:378:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (name,O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:386:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf,buf+BUFSIZE,ssiz);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:415:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:423:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dt = mail_parameters ((*d->open) (NIL),GET_DIRFMTTEST,NIL);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:459:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:478:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:501:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (path,O_WRONLY|O_CREAT|O_EXCL,
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:505:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox node %.80s: %.80s",path,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:523:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete - invalid name: %.80s",s);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:530:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: %.80s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:547:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],mbx[MAILTMPLEN],oldname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:552:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't rename %.80s to %.80s: invalid name",old,newname);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:571:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:594:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Can't open this name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:595:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:598:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"%.80s: %.80s",strerror (errno),stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:604:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Can't open %.80s: not a selectable mailbox",
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:607:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Can't open %.80s (file %.80s): not in valid mailbox format",
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:656:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fs_get (sizeof (MAILSTREAM)),stream,
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:659:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream,test,sizeof (MAILSTREAM));
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:723:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:731:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (dummy_file (tmp,mailbox) && ((fd = open (tmp,O_RDONLY,NIL)) < 0)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:734:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%.80s: %.80s",strerror (e),mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:744:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Indeterminate mailbox format: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *userFlags[NUSERFLAGS] = {NIL};
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:609:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:639:36: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!myNewsrc) myNewsrc = cpystr(strcat (strcpy (tmp,myHomeDir),"/.newsrc"));
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:646:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(*createProto->dtb->open) (NIL);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:693:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:720:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:736:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:753:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:870:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:883:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((j = open (name,O_WRONLY|O_CREAT|O_EXCL,(int) lock_protection)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:891:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is locked, will override in %d seconds...",
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:902:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox vulnerable - seizing %ld second old lock",
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:909:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((i = open (base->lock,O_WRONLY|O_CREAT,(int) lock_protection)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:911:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s lock overridden",file);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:932:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4],arg[20];
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:934:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (arg,"%d",fd);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1054:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1065:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (lock,O_RDWR,lock_protection)) >= 0) ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1068:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (lock,O_RDWR|O_CREAT|O_EXCL,lock_protection);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1097:53: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(read (fd,tmp,i) == i) && !(tmp[i] = 0) && ((i = atol (tmp)) > 0))
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.h:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN]; /* buffer to write lock name */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,*t,hdr[HDRSIZE];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:216:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (tmp,(flags ? O_RDWR : O_RDONLY)|O_BINARY,NIL)) >= 0)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:273:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hdr,"%08lx",++(*stream)->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:290:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hdr,"%08lx",(*stream)->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:385:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,mbx[MAILTMPLEN],tmp[HDRSIZE];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:389:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:396:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:403:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s = tmp,"*mbx*\015\012%08lx00000000\015\012",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:446:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:459:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDWR|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:472:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:561:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:568:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:572:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_RDWR|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:573:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_RDONLY|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:806:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:856:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:896:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",nexp);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:900:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:917:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hdr,*txt,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:941:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:958:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"1:%lu",r);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:992:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1009:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1014:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid MBX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1019:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MBX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1038:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1065:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%08lx",dstream->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1133:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1137:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MBX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1141:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MBX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1166:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1261:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu!",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1313:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1322:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse internal header at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1332:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message flags at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1342:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message UID at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1352:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message size at %lu: %.80s,%.80s;%.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1361:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1372:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid UID %08lx in message %lu, rebuilding UIDs",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1399:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message date at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1501:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag read!",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1549:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"*mbx*\015\012%08lx%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1557:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
while (i++ < NUSERFLAGS) strcat (s,"\015\012");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1558:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf + HDRSIZE - 10,"%08lx\015\012",LOCAL->lastpid);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1585:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag update!",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1605:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%08lx%04x-%08lx",elt->user_flags,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1701:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1833:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1852:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (LOCAL->lock,lock,MAILTMPLEN);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:64:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[CHUNKSIZE]; /* temporary buffer */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,altname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:202:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%.900s not found, mh format names disabled",mh_profile);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:210:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (altname,"#mh%.900s",tmp+i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:249:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mh_profile = cpystr (tmp),O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:344:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,test[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,test[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp,*np,curdir[MAILTMPLEN],name[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:426:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (name,"#mh/");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:480:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:482:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: invalid MH-format name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:485:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:507:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:510:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:546:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:548:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: invalid MH-format name",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:552:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:580:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:670:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (LOCAL->buf,O_RDONLY,NIL)) >= 0)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:847:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:858:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open mailbox %.80s: no such mailbox",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:872:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((j = atoi (names[i]->d_name)) > old) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:905:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (LOCAL->buf,O_WRONLY|O_CREAT|O_EXCL,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:930:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);/* delete it from the sysinbox */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:939:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message copy to MH mailbox failed: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1012:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1040:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[MAILTMPLEN],date[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1049:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (LOCAL->buf,O_RDONLY,NIL)) < 0) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1067:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->seen) strcat (flags," \\Seen");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1068:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->deleted) strcat (flags," \\Deleted");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1069:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (flags," \\Flagged");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1070:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (flags," \\Answered");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1071:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (flags," \\Draft");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1098:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*flags,*date,*s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1121:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MH-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1125:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MH-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1133:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
last = atoi (names[nfiles-1]->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1150:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1157:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp),"/%ld",++last);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1158:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (tmp,O_WRONLY|O_CREAT|O_EXCL,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1214:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi ((*(struct direct **) d1)->d_name) -
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1215:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi ((*(struct direct **) d2)->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1232:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (dst,"%.900s/%.80s",path,MHINBOXDIR);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1234:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (*name == '#') sprintf (dst,"%.100s/%.900s",path,name + 4);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1251:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:397:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:405:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"Can't create mailbox %.80s: invalid MIX-format name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:409:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:414:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: %.80s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:415:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(f = fopen (file,"w")))
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:416:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't re-open metadata %.80s: %.80s",mailbox,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:434:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mix mailbox index: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:439:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mix mailbox status: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:443:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"%08lx",now);/* message file */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:445:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mix mailbox data: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:468:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:470:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:471:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (((fd = open (tmp,O_RDWR,NIL)) < 0) || flock (fd,LOCK_EX|LOCK_NB))
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:472:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't lock mailbox for delete: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:490:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete name %.80s: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:511:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:515:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:516:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (((fd = open (tmp,O_RDWR,NIL)) < 0) || flock (fd,LOCK_EX|LOCK_NB))
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:517:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't lock mailbox for rename: %.80s",old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:519:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: invalid MIX-format name",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:523:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:576:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:618:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((LOCAL->mfd = open (mix_file (LOCAL->buf,stream->mailbox,MIXMETA),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:621:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((LOCAL->mfd = open (mix_file (LOCAL->buf,stream->mailbox,MIXMETA),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:712:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:720:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,stream->mailbox,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:746:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Inconsistency in mix message size, uid=%lx (%lu != %lu)",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:783:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,stream->mailbox,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:931:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *message,date[MAILTMPLEN],flags[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:958:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->seen) strcat (flags," \\Seen");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:959:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (flags," \\Flagged");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:960:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (flags," \\Answered");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:961:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (flags," \\Draft");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:966:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence[15];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:967:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sequence,"%lu",i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:975:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't copy new mail at message: %lu",i - 1);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1087:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't locate mix message file %.08lx",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1101:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1131:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (nexp) sprintf (s = LOCAL->buf,"Expunged %lu messages",nexp);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1133:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s=LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1189:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Backwards-running mix index %lu < %lu",start,s->last);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1245:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (((fd = open (LOCAL->buf,O_RDWR,NIL)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1247:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Error opening mix message file %.80s: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1265:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Bad message token in mix message file at %lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1336:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected short mix message file %.80s %lu < %lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2*MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1367:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1415:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1436:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->seen) strcat (tmp," \\Seen");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1437:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->deleted) strcat (tmp," \\Deleted");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1438:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (tmp," \\Flagged");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1439:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (tmp," \\Answered");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1440:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (tmp," \\Draft");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1474:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message copy failed: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1486:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error opening copy message file: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1525:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1564:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1591:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message append failed: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1602:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error opening append message file: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1732:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (LOCAL->index,iflags ? O_RDWR : O_RDONLY,NIL)) < 0)
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1784:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1785:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"flag rename old=%.80s new=%.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1817:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,*msg,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1858:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"mix index invalid UID (%08lx < %08lx)",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1864:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,", repaired");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1882:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"mix index data unexpunged UID: %lx",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1898:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"mix index data mismatch: %lx",uid);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1913:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"mix index UID mismatch (%lx < %lx)",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1952:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,", repaired");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1961:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Missing mix data file: %.500s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1987:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,", repaired");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2009:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown record in mix index file: %.500s",s);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2028:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (LOCAL->status,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2041:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2105:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2230:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2311:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2359:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error updating mix status file: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2400:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*fd = open (mix_file_data (LOCAL->buf,stream->mailbox,LOCAL->newmsg),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2410:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"short mix message file %.08lx (%ld > %ld), rolling",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2415:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
while ((*fd = open (mix_file_data
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*msg,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2451:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (((fd = open (LOCAL->sortcache,O_RDWR|O_CREAT,sbuf.st_mode)) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2452:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
!(rdonly = ((fd = open (LOCAL->sortcache,O_RDONLY,NIL)) >= 0)))
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2719:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2753:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2802:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (dst,"%.500s/%.80s%.80s",dir,MIXNAME,name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2816:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2817:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (data) sprintf (tmp,"%08lx",data);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:367:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:374:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:465:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:470:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:478:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (mbx,O_WRONLY,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:532:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:547:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:598:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:610:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:637:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Trying to get mailbox lock from process %ld",i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:655:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%d",getpid ());
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:835:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,*t,*tl,tmp[CHUNKSIZE];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:999:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1025:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1051:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1056:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid MMDF-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1061:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MMDF-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1071:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1197:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1201:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MMDF-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1205:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MMDF-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1212:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1219:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (!(sf = tmpfile ())) { /* must have scratch file */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1220:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1221:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1222:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1231:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1243:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1253:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1267:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *x,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1501:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1505:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,flags,mode)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1509:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1571:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1601:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1628:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1825:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu already has UID %lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1830:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu less than %lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1836:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu greater than last %lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1912:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1931:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1932:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Discarding bogus continuation in msg %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2062:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (LOCAL->linebuf,bs->curpos,i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2088:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,LOCAL->linebuf,i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2091:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + i,bs->curpos,k = min (j,bs->cursize));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,stack[64];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2398:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((LOCAL->fd = open (stream->mailbox,O_RDWR,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2459:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,k = min (j,size));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2515:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2543:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:183:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:284:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:297:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:310:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:396:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:404:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:408:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:409:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:410:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:601:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:660:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hdr,*txt,lock[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:686:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:703:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"1:%lu",r);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:740:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:821:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:828:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:867:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:878:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:883:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid MTX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:888:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MTX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:895:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mtx_file (file,mailbox),O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:969:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:991:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:995:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MTX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:999:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MTX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1007:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (mtx_file (file,mailbox),O_WRONLY|O_APPEND,NIL)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1033:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1086:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1113:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu!",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1179:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1301:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:349:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:353:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: invalid MX-format name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:357:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:386:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:388:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:424:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:427:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:429:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: invalid MX-format name",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:433:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:629:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mx_fast_work (stream,elt),O_RDONLY,NIL)) < 0) return "";
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:721:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:739:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((j = atoi (names[i]->d_name)) > old) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:770:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (LOCAL->buf,O_WRONLY|O_CREAT|O_EXCL,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:795:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);/* delete it from the sysinbox */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:803:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message copy to MX mailbox failed: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:875:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:905:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:913:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:939:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ret = ((fd = open (mx_fast_work (stream,elt),O_RDONLY,NIL))
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:953:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->seen) strcat (tmp," \\Seen");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:954:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->deleted) strcat (tmp," \\Deleted");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:955:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (tmp," \\Flagged");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:956:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (tmp," \\Answered");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:957:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (tmp," \\Draft");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:994:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1012:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1016:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1039:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1067:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1073:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_WRONLY|O_CREAT|O_EXCL,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1130:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi ((*(struct direct **) d1)->d_name) -
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1131:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi ((*(struct direct **) d2)->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*idx,tmp[2*MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1168:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1219:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error in index: %.80s",s);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MXIXBUFLEN + 64];
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1247:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s = tmp,"V%08lxL%08lx",stream->uid_validity,stream->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1259:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"M%08lx;%08lx.%04x",elt->private.uid,elt->user_flags,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:54:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[CHUNKSIZE]; /* scratch buffer */
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:157:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open ((char *) mail_parameters (NIL,GET_NEWSACTIVE,NIL),O_RDONLY,
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*u,*r,pattern[MAILTMPLEN],name[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:225:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open ((char *) mail_parameters (NIL,GET_NEWSACTIVE,NIL),
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:231:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (name,"#news."); /* write initial prefix */
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:256:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:378:2: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi (names[i]->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:422:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi ((*(struct direct **) d1)->d_name) -
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:423:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi ((*(struct direct **) d2)->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:500:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (LOCAL->buf,O_RDONLY,NIL)) >= 0)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/os_ami.c:74:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2])
data/uw-imap-2007f~dfsg/src/osdep/amiga/os_ami.h:41:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN]; /* temporary buffer */
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:257:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:268:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:310:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"User-Number-%ld",(long) sbuf.st_uid);
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:525:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:546:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:549:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't append - not in valid mailbox format: %.80s",s);
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:550:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"Can't append - invalid name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:131:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:144:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"DNS resolution %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:150:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"No such host as %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sin.sin_addr,s,he->h_length);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:168:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sin.sin_addr,he->h_addr,he->h_length);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:219:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:315:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:342:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:348:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:375:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s,stream->iptr,n); /* yes, slurp as much as we can from it */
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:720:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,host[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:729:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (host,"DNS canonicalization %.80s",name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:750:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,*t,adr[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:751:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ret = adr,"[%.80s]",inet_ntoa (sin->sin_addr));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.h:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:180:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:190:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:304:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:317:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:411:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:415:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:416:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:690:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:749:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hdr,*txt,lock[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:775:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:792:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"1:%lu",r);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:829:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:911:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:918:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:957:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:968:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:973:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid Tenex-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:978:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a Tenex-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:985:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tenex_file(file,mailbox),O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1059:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1081:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1085:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid TENEX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1089:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a TENEX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1097:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (tenex_file (file,mailbox),O_WRONLY|O_APPEND,NIL)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1123:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1216:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1225:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu!",
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1291:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1413:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/amiga/tz_bsd.c:37:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s + strlen (s)," (%.50s)",((struct tm *) t)->tm_zone);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:222:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],*s,*t,c = '\n';
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:330:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:338:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (mbx,O_WRONLY,
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:393:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:408:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:459:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:471:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:498:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Trying to get mailbox lock from process %ld",i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:516:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%d",getpid ());
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:696:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,*t,*tl,tmp[CHUNKSIZE];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:860:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:885:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:916:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:921:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:926:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a UNIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:936:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1031:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1060:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1064:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1068:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a UNIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1075:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1082:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (!(sf = tmpfile ())) { /* must have scratch file */
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1083:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1084:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1085:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1094:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1106:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1116:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1131:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *x,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1372:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1376:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,flags,mode)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1380:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1442:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1472:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1499:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1661:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu already has UID %lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1666:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu less than %lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1672:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu greater than last %lu",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1748:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1767:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1768:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Discarding bogus continuation in msg %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1905:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (LOCAL->linebuf,bs->curpos,i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1931:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,LOCAL->linebuf,i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1934:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + i,bs->curpos,k = min (j,bs->cursize));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1965:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1992:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,stack[64];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2252:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((LOCAL->fd = open (stream->mailbox,O_RDWR,
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2313:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,k = min (j,size));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2369:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2397:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2475:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2477:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create non-INBOX name as mbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2504:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2703:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2705:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't append to that name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:83:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weekday[4]={0,}, month[4]={0,}, time[11]={0,}; \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:84:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tzone[4]={0,}; \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:85:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realtime[80]; \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:94:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(realtime," remote from "); \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:114:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weekday[4]={0,}, month[4]={0,},time[11]={0,}; \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:116:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realtime[80]; \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:124:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(realtime," remote from "); \
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:173:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:338:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:344:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) < 0)) {
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:400:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:498:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:522:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:575:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:597:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a Bezerk-format mailbox: %.80ss",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:606:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (!(sf = tmpfile ())) { /* must have scratch file */
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:607:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:614:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:626:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:636:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:646:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (tmp,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:688:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:755:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,tmp[MAILTMPLEN + 1],*db,datemsg[100];
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:764:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:770:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
db = datemsg + strlen (strcpy (datemsg,"Unparsable date: "));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:872:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,test[LISTTMPLEN],file[LISTTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,test[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:234:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:257:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[LISTTMPLEN],tmpx[LISTTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:331:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (tmp,O_RDONLY,NIL)) < 0)) return T;
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:339:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf,buf+BUFSIZE,ssiz);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:375:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:398:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (path,O_WRONLY|O_CREAT|O_EXCL,S_IREAD|S_IWRITE)) >= 0)
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:416:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:470:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:476:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open this name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:478:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (tmp,O_RDONLY,NIL)) < 0))
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:535:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fs_get (sizeof (MAILSTREAM)),stream,
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:538:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream,test,sizeof (MAILSTREAM));
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:602:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:605:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (tmp,O_RDONLY,NIL)) < 0)) {
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:648:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,dev[4];
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:88:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:142:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (date + strlen (date)," (%.50s)",
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:251:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,tmp[MAILTMPLEN+1];
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:170:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:294:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (tmp,O_BINARY|(stream->rdonly ? O_RDONLY:O_RDWR),NIL)) < 0)&&
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:296:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (tmp,O_BINARY|O_RDWR|O_CREAT|O_EXCL,S_IREAD|S_IWRITE))<0))){
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:454:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:493:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Expunged %ld messages",n);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:515:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:543:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:597:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:625:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MTX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:633:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (file,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:654:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:714:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *s,*t,*x,lbuf[65];
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:715:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:722:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:787:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:808:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:816:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%010lo%02o",k, /* print new flag string */
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:839:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/nl_dos.c:47:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (srcl) memcpy (*dst,src,(size_t) srcl);
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnf.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnf.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnf.c:93:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sin->sin_addr,hn->h_addr,hn->h_length);
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnv.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dpc.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dpc.c:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dpc.c:100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sin->sin_addr,hn->h_addr,hn->h_length);
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dwa.c:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,hname[32],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:88:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:104:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create TCP socket (%d)",errno);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:112:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:188:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:215:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:221:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:249:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bufptr,stream->iptr,n);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.h:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.c:75:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.c:92:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't connect to %.80s,%ld",host,port);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.c:144:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.c:171:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.c:177:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.c:205:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bufptr,stream->iptr,(size_t) n);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.h:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:117:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to start Windows Sockets (%d)",i);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:137:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:152:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"DNS resolution %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:169:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sin.sin_addr,s,he->h_length);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:212:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create TCP socket (%d)",WSAGetLastError());
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:281:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:308:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:314:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:341:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s,stream->iptr,n); /* yes, slurp as much as we can from it */
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:724:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,host[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:731:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (host,"DNS canonicalization %.80s",name);
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:750:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,*t,adr[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:751:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ret = adr,"[%.80s]",inet_ntoa (sin->sin_addr));
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:785:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.h:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/mac/dummymac.c:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/mac/dummymac.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/mac/dummymac.c:291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.c:100:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (date += strlen (date),"%+03ld%02ld",tz/60,tzm >= 0 ? tzm : -tzm);
data/uw-imap-2007f~dfsg/src/osdep/mac/os_mac.c:74:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open(a,b,c) open (a,b)
data/uw-imap-2007f~dfsg/src/osdep/mac/os_mac.c:74:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open(a,b,c) open (a,b)
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:119:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hst.cname,"[%ld.%ld.%ld.%ld]",i,j,k,l);
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:122:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:171:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"Unknown resolver error (%ld): %.80s",
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:184:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
openpb = &stream->pb.csParam.open;
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:213:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't connect to %.80s,%ld",hst.cname,port);
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:234:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"[%ld.%ld.%ld.%ld]",i,j,k,l);
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:291:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:318:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:324:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:352:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bufptr,stream->iptr,n);
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.h:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,test[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,test[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:237:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't subscribe %.80s: not a mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:256:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*buf,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:343:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(csiz > sbuf.st_size) || ((fd = open (tmp,O_RDONLY,NIL)) < 0))
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:352:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf,buf+BUFSIZE,ssiz);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:372:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:375:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:391:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:414:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (path,O_WRONLY|O_CREAT|O_EXCL,S_IREAD|S_IWRITE)) >= 0)
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:417:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox node %.80s: %.80s",path,
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:433:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:435:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete - invalid name: %.80s",s);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:442:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: %.80s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:460:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],mbx[MAILTMPLEN],oldname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:466:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't rename %.80s to %.80s: invalid name",old,newname);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:489:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:505:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:512:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Can't open this name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:513:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:516:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"%.80s: %.80s",strerror (errno),stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:522:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"%.80s (file %.80s) is not in valid mailbox format",
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:570:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fs_get (sizeof (MAILSTREAM)),stream,
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:573:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream,test,sizeof (MAILSTREAM));
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:637:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:640:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (tmp,O_RDONLY,NIL)) < 0)) {
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:644:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%.80s: %.80s",strerror (e),mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:654:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Indeterminate mailbox format: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:683:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,dev[4];
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:99:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:174:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (date + strlen (date)," (%.50s)",tz);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:463:5: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar (CP_ACP,0,user,strlen (user) + 1,
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:474:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp+(t-s),"\\%.100s\\My Documents",user);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:501:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *user,*path,*d,*p,pth[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:538:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:569:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:588:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:614:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homedev[3];
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:696:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((ld = open (lock,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) >= 0) && op)
data/uw-imap-2007f~dfsg/src/osdep/nt/ip4_nt.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&SADR4ADR (sadr),adr,adrlen);
data/uw-imap-2007f~dfsg/src/osdep/nt/ip4_nt.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **adl,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:81:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[NI_MAXHOST];
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:140:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (adr,(void *) &SADR4ADR (ai->ai_addr),*len);
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:144:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (adr,(void *) &SADR6ADR (ai->ai_addr),*len);
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:180:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&SADR4ADR (sadr),adr,adrlen);
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&SADR6ADR (sadr),adr,adrlen);
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:207:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[NI_MAXHOST];
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:236:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lcname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:262:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp,input_name_buffer->value,input_name_buffer->length);
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:377:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:408:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s = tmp,"SSPI code %lx",status_value);
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:512:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
buf[1].pvBuffer = ((char *) buf[0].pvBuffer) + buf[0].cbBuffer;
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:514:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf[1].pvBuffer,input_message_buffer->value,buf[1].cbBuffer);
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:516:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
buf[2].pvBuffer = ((char *) buf[1].pvBuffer) + buf[1].cbBuffer;
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:523:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memmove (((char *) buf[0].pvBuffer) + buf[0].cbBuffer,
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:526:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
buf[1].pvBuffer = memmove (((char *)buf[1].pvBuffer) + buf[1].cbBuffer,
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:580:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (output_message_buffer->value = fs_get (buf[1].cbBuffer),
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN]; /* buffer to write lock name */
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,*t,hdr[HDRSIZE];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:210:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (file,(flags ? O_RDWR : O_RDONLY)|O_BINARY,NIL)) >= 0)) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:265:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hdr,"%08lx",++(*stream)->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:282:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hdr,"%08lx",(*stream)->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:375:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN],tmp[HDRSIZE];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:379:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:386:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:393:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s = tmp,"*mbx*\015\012%08lx00000000\015\012",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:447:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDWR|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:460:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:514:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:519:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:523:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_RDWR|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:524:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_RDONLY|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:750:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:792:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",i);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:832:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",nexp);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:836:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:860:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:877:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:882:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid MBX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:887:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MBX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:892:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (dummy_file (file,mailbox),O_RDWR|O_CREAT|O_BINARY,
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:913:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:940:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%08lx",dstream->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:984:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1011:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1015:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MBX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1019:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MBX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1044:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1127:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu!",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1169:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1178:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse internal header at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1188:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message flags at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1198:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message UID at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1208:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message size at %lu: %.80s,%.80s;%.80s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1217:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1228:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid UID %08lx in message %lu, rebuilding UIDs",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1255:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message date at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1357:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag read!",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1403:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"*mbx*\015\012%08lx%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1411:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
while (i++ < NUSERFLAGS) strcat (s,"\015\012");
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1438:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag update!",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1458:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%08lx%04x-%08lx",elt->user_flags,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1554:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1672:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1691:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (LOCAL->lock,lock,MAILTMPLEN);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:175:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:183:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:265:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:267:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:294:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:307:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,O_BINARY|O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:320:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:354:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: %.80s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:371:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:377:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:381:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_BINARY|O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:382:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:383:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:572:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:694:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:701:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:738:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:749:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:754:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid MTX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:759:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MTX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:766:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:767:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Unable to open copy mailbox: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:842:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:864:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:868:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MTX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:872:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MTX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:880:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (file,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,S_IREAD|S_IWRITE))
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:906:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:963:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:972:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:1037:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:1159:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:1194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/nl_nt.c:47:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (srcl) memcpy (*dst,src,(size_t) srcl);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],certname[256];
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:263:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf+size,stream->tcpstream->iptr,stream->tcpstream->ictr);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:280:16: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
if (!((size = MultiByteToWideChar (CP_ACP,0,host,-1,NIL,0)) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:282:8: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar (CP_ACP,0,host,-1,whost,size)))
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:289:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (certname,"<no certificate>");
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:332:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf,"*%.128s: %.255s",
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:350:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WINDOWS BUG: cbMaximumMessage = %ld, should be 16384",
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:369:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Certificate failure for %.80s: %.512s",host,reason);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:382:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"TLS/SSL failure for %.80s: %.512s",host,reason);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:427:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf,"Unexpected SSPI or certificate error %lx - report this",err);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:456:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:483:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:489:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:516:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer,stream->iptr,n);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:541:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream->ibuf + n,stream->iextraptr,stream->iextractr);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:551:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream->ibuf + n,stream->tcpstream->iptr,i);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:626:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf[1].pvBuffer = stream->obuf + stream->sizes.cbHeader,string,
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:630:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset (buf[2].pvBuffer = ((char *) buf[1].pvBuffer) + buf[1].cbBuffer,0,
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:239:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf+size,stream->tcpstream->iptr,stream->tcpstream->ictr);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:265:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WINDOWS BUG: cbMaximumMessage = %ld, should be 16384",
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:285:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Certificate failure for %.80s: %.512s",host,reason);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:298:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"TLS/SSL failure for %.80s: %.512s",host,reason);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:333:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf,"Unexpected SChannel error %lx - report this",err);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:362:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:389:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:422:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer,stream->iptr,n);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:447:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream->ibuf + n,stream->iextraptr,stream->iextractr);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:457:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream->ibuf + n,stream->tcpstream->iptr,i);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:530:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf[1].pvBuffer = stream->obuf + stream->sizes.cbHeader,string,
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:534:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset (buf[2].pvBuffer = ((char *) buf[1].pvBuffer) + buf[1].cbBuffer,0,
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],certname[256];
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:226:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf+size,stream->tcpstream->iptr,stream->tcpstream->ictr);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:243:16: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
if (!((size = MultiByteToWideChar (CP_ACP,0,host,-1,NIL,0)) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:245:8: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar (CP_ACP,0,host,-1,whost,size)))
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:252:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (certname,"<no certificate>");
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:295:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf,"*%.128s: %.255s",
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:313:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WINDOWS BUG: cbMaximumMessage = %ld, should be 16384",
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:332:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Certificate failure for %.80s: %.512s",host,reason);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:345:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"TLS/SSL failure for %.80s: %.512s",host,reason);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:390:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf,"Unexpected SSPI or certificate error %lx - report this",err);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:419:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:446:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:452:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:479:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer,stream->iptr,n);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:504:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream->ibuf + n,stream->iextraptr,stream->iextractr);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:514:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream->ibuf + n,stream->tcpstream->iptr,i);
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:588:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf[1].pvBuffer = stream->obuf + stream->sizes.cbHeader,string,
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:592:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset (buf[2].pvBuffer = ((char *) buf[1].pvBuffer) + buf[1].cbBuffer,0,
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*hostname,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:131:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to start Windows Sockets (%d)",i);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:154:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:159:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"DNS resolution %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,errmsg[100];
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:226:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create TCP socket (%d)",WSAGetLastError ());
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:261:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s = errmsg,"Can't set blocking mode (%d)",
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:278:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s = errmsg,"Unknown error (%d)",err);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:284:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't connect to %.80s,%ld: %.80s",hst,port,s);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:330:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:357:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:363:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:390:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s,stream->iptr,n); /* yes, slurp as much as we can from it */
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:441:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:442:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (s = tmp,"TCP buffer read I/O error %d",errno);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:510:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (s = tmp,"TCP data read I/O error %d",errno);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:593:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:594:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"TCP write I/O error %d",errno);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:848:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,host[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:854:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (host,"DNS canonicalization %.80s",name);
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:873:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,*t,adr[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:874:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ret = adr,"[%.80s]",ip_sockaddrtostring (sadr));
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.h:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:191:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:273:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:275:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:315:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_BINARY|O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:328:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:362:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: %.80s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:379:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:385:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:389:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_BINARY|O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:390:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:391:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:642:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:696:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:765:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:772:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:809:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:820:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:825:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid Tenex-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:830:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a Tenex-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:837:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:838:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Unable to open copy mailbox: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:913:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:935:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:939:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid TENEX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:943:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a TENEX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:951:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (file,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,S_IREAD|S_IWRITE))
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:977:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1054:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1063:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1128:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1251:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:199:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],file[MAILTMPLEN],*s,*t;
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:207:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:300:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:306:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:315:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,"\r\nDate: ");
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN],lockx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:372:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't get lock for mailbox %.80s",old);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:377:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:431:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:440:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:630:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,tmp[CHUNKSIZE];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:699:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:741:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:768:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:786:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:836:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:841:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:846:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a UNIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:856:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:959:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN],
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:988:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:992:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:996:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a UNIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1003:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1010:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (!(sf = tmpfile ())) { /* must have scratch file */
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1011:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1012:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) {
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1013:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1022:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1034:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1044:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1059:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *x,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1311:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ld = open(lock,O_BINARY|O_WRONLY|O_CREAT|O_EXCL,S_IREAD|S_IWRITE))>=0)
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1319:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((ld = open(lock,O_BINARY|O_WRONLY|O_CREAT,S_IREAD|S_IWRITE))>=0))
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1323:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is locked, will override in %d seconds...",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1331:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1395:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1424:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1451:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1612:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu already has UID %lu",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1617:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu less than %lu",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1623:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu greater than last %lu",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1699:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1716:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1717:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Discarding bogus continuation in msg %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1841:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (LOCAL->linebuf,bs->curpos,i);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1867:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,LOCAL->linebuf,i);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1870:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + i,bs->curpos,k = min (j,bs->cursize));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1901:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1912:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (t += strlen (t),"\r\nStatus: RO\r\n\r\n");
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1932:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,stack[64];
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:2207:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,k = min (j,size));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:2263:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,size);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:2291:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN]; /* callers must be careful not to pop this */
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.c:136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.c:234:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ret = fopen (s,"w+b")) ret->_tmpfname = s;
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.c:267:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pwd[PWDLEN];
data/uw-imap-2007f~dfsg/src/osdep/nt/yunchan.h:69:9: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
#define tmpfile create_tempfile
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,test[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,test[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:243:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't subscribe %.80s: not a mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:263:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*buf,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:337:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(csiz > sbuf.st_size) || ((fd = open (tmp,O_RDONLY,NIL)) < 0))
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:346:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf,buf+BUFSIZE,ssiz);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:366:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:369:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:385:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:408:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (path,O_WRONLY|O_CREAT|O_EXCL,S_IREAD|S_IWRITE)) >= 0)
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:411:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox node %.80s: %.80s",path,
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:427:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:429:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete - invalid name: %.80s",s);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:436:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: %.80s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:454:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],mbx[MAILTMPLEN],oldname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:459:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't rename %.80s to %.80s: invalid name",old,newname);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:479:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:495:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:502:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Can't open this name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:503:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:506:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"%.80s: %.80s",strerror (errno),stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:512:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"%.80s (file %.80s) is not in valid mailbox format",
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:560:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fs_get (sizeof (MAILSTREAM)),stream,
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:563:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream,test,sizeof (MAILSTREAM));
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:627:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:630:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (tmp,O_RDONLY,NIL)) < 0)) {
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:634:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%.80s: %.80s",strerror (e),mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:644:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Indeterminate mailbox format: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:673:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,dev[4];
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:68:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:122:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (date + strlen (date)," (%.50s)",tz);
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:229:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((ld = open (lock,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) >= 0) && op)
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN]; /* buffer to write lock name */
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,*t,hdr[HDRSIZE];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:210:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (file,(flags ? O_RDWR : O_RDONLY)|O_BINARY,NIL)) >= 0)) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:265:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hdr,"%08lx",++(*stream)->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:282:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hdr,"%08lx",(*stream)->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:375:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN],tmp[HDRSIZE];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:379:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:386:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:393:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s = tmp,"*mbx*\015\012%08lx00000000\015\012",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:447:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDWR|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:460:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:514:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:519:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:523:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_RDWR|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:524:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_RDONLY|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:750:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:792:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",i);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:832:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",nexp);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:836:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:860:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:877:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:882:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid MBX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:887:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MBX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:892:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (dummy_file (file,mailbox),O_RDWR|O_CREAT|O_BINARY,
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:913:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:940:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%08lx",dstream->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:984:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1011:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1015:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MBX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1019:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MBX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1044:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1127:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu!",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1169:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1178:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse internal header at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1188:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message flags at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1198:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message UID at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1208:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message size at %lu: %.80s,%.80s;%.80s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1217:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1228:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid UID %08lx in message %lu, rebuilding UIDs",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1255:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message date at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1357:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag read!",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1403:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"*mbx*\015\012%08lx%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1411:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
while (i++ < NUSERFLAGS) strcat (s,"\015\012");
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1438:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag update!",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1458:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%08lx%04x-%08lx",elt->user_flags,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1554:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1672:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1691:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (LOCAL->lock,lock,MAILTMPLEN);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:175:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:183:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:265:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:267:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:294:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:307:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,O_BINARY|O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:320:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:354:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: %.80s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:371:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:377:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:381:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_BINARY|O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:382:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:383:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:572:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:694:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:701:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:738:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:749:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:754:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid MTX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:759:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MTX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:766:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:767:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Unable to open copy mailbox: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:842:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:864:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:868:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MTX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:872:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MTX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:880:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (file,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,S_IREAD|S_IWRITE))
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:906:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:963:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:972:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:1037:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:1159:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:1194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/nl_os2.c:47:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (srcl) memcpy (*dst,src,(size_t) srcl);
data/uw-imap-2007f~dfsg/src/osdep/os2/os_os2.c:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/os_os2.c:64:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (s = tmp,"[%i.%i.%i.%i]",he->h_addr[0],he->h_addr[1],
data/uw-imap-2007f~dfsg/src/osdep/os2/os_os2.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/os_os2.c:89:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sin->sin_addr,hn->h_addr,hn->h_length);
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:88:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:104:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create TCP socket (%d)",errno);
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:112:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:188:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:215:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:221:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:249:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bufptr,stream->iptr,n);
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.h:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:191:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:273:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:275:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:315:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_BINARY|O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:328:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:362:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: %.80s",old,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:379:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:385:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:389:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_BINARY|O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:390:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_BINARY|O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:391:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:642:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:696:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:765:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:772:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:809:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:820:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:825:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid Tenex-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:830:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a Tenex-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:837:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,O_BINARY|O_RDWR|O_CREAT,S_IREAD|S_IWRITE)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:838:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Unable to open copy mailbox: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:913:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:935:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:939:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid TENEX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:943:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a TENEX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:951:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (file,O_BINARY|O_WRONLY|O_APPEND|O_CREAT,S_IREAD|S_IWRITE))
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:977:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1054:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1063:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %ld to %ld!",curpos,sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1128:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1251:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:199:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],file[MAILTMPLEN],*s,*t;
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:207:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_BINARY|O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:300:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:306:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:315:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,"\r\nDate: ");
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN],lockx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:372:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't get lock for mailbox %.80s",old);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:377:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:431:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:440:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:630:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,tmp[CHUNKSIZE];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:699:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:741:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:768:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:786:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:836:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:841:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:846:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a UNIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:856:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:959:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN],
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:988:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:992:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:996:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a UNIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1003:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1010:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (!(sf = tmpfile ())) { /* must have scratch file */
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1011:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1012:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) {
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1013:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1022:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1034:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1044:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1059:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *x,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1311:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ld = open(lock,O_BINARY|O_WRONLY|O_CREAT|O_EXCL,S_IREAD|S_IWRITE))>=0)
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1319:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((ld = open(lock,O_BINARY|O_WRONLY|O_CREAT,S_IREAD|S_IWRITE))>=0))
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1323:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is locked, will override in %d seconds...",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1331:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1395:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1424:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1451:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1612:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu already has UID %lu",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1617:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu less than %lu",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1623:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu greater than last %lu",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1699:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1716:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1717:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Discarding bogus continuation in msg %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1841:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (LOCAL->linebuf,bs->curpos,i);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1867:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,LOCAL->linebuf,i);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1870:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + i,bs->curpos,k = min (j,bs->cursize));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1901:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1912:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (t += strlen (t),"\r\nStatus: RO\r\n\r\n");
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1932:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,stack[64];
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:2207:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,k = min (j,size));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:2263:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,size);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:2291:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/tops-20/dummyt20.c:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/tops-20/dummyt20.c:290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/tops-20/env_t20.c:139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/tops-20/env_t20.c:174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/tops-20/env_t20.c:179:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!jsys (GTHST,argblk)) strcpy (tmp,"LOCAL");
data/uw-imap-2007f~dfsg/src/osdep/tops-20/nl_t20.c:47:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (srcl) memcpy (*dst,src,(size_t) srcl);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/os_t20.c:88:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pwd[PWDLEN];
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:73:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"[%lu.%lu.%lu.%lu]",i,j,k,l);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:76:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:104:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (file,"TCP:.%o-%d;PERSIST:30;CONNECTION:ACTIVE",argblk[3],port);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:123:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!jsys (GTHST,argblk)) strcpy (tmp,"LOCAL");
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:167:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:198:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),stream->ibuf,*size = n - 2);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:203:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),stream->ibuf,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:335:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.h:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_bsi.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_dce.c:52:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fd = fopen (PASSWD_OVERRIDE,"r")) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_gss.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svrnam[MAILTMPLEN],cltnam[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_gss.c:50:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (svrnam,"%.80s@%.512s",
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_gss.c:54:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (cltnam,"%.80s/%.80s",pw->pw_name,
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_psx.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_psx.c:84:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"[ALERT] Password expires in %ld day(s)",(long) left);
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_psx.c:91:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"[ALERT] Account expires in %ld day(s)",(long) left);
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_sv4.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_sv4.c:80:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"[ALERT] Password expires in %ld day(s)",(long) left);
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_svo.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_svo.c:79:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"[ALERT] Password expires in %ld day(s)",(long) left);
data/uw-imap-2007f~dfsg/src/osdep/unix/crx_nfs.c:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hitch[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/crx_nfs.c:52:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((i = open (hitch,O_WRONLY|O_CREAT|O_EXCL,(int) shlock_mode)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/crx_nfs.c:66:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((i = open (name,O_WRONLY|O_CREAT|O_EXCL,(int) shlock_mode)) >= 0){
data/uw-imap-2007f~dfsg/src/osdep/unix/crx_std.c:40:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((i = open (name,O_WRONLY|O_CREAT|O_EXCL,(int) shlock_mode)) < 0)
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,test[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,test[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:251:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"CLIENT BUG DETECTED: subscribe of non-mailbox directory %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:257:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't subscribe %.80s: not a mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],path[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:288:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dt = mail_parameters ((*drivers->open) (NIL),GET_DIRFMTTEST,NIL);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:378:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (name,O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:386:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf,buf+BUFSIZE,ssiz);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:415:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:423:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dt = mail_parameters ((*d->open) (NIL),GET_DIRFMTTEST,NIL);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:459:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:478:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:501:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (path,O_WRONLY|O_CREAT|O_EXCL,
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:505:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox node %.80s: %.80s",path,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:523:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete - invalid name: %.80s",s);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:530:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: %.80s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:547:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],mbx[MAILTMPLEN],oldname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:552:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't rename %.80s to %.80s: invalid name",old,newname);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:571:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",old,newname,
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:594:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Can't open this name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:595:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:598:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"%.80s: %.80s",strerror (errno),stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:604:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Can't open %.80s: not a selectable mailbox",
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:607:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Can't open %.80s (file %.80s): not in valid mailbox format",
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:656:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fs_get (sizeof (MAILSTREAM)),stream,
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:659:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stream,test,sizeof (MAILSTREAM));
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:723:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:731:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (dummy_file (tmp,mailbox) && ((fd = open (tmp,O_RDONLY,NIL)) < 0)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:734:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%.80s: %.80s",strerror (e),mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:744:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Indeterminate mailbox format: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:99:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *userFlags[NUSERFLAGS] = {NIL};
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:805:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:867:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
dorc (strcat (strcpy (tmp,myHomeDir),"/.mminit"),T);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:868:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
dorc (strcat (strcpy (tmp,myHomeDir),"/.imaprc"),NIL);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:881:36: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!myNewsrc) myNewsrc = cpystr(strcat (strcpy (tmp,myHomeDir),"/.newsrc"));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:885:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(*createProto->dtb->open) (NIL);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:935:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:969:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:985:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1002:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1157:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is locked, will override in %d seconds...",
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1174:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox vulnerable - seizing %ld second old lock",
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1181:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((i = open (base->lock,O_WRONLY|O_CREAT,(int) dotlock_mode)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1183:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s lock overridden",file);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1202:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4],arg[20];
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1211:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (arg,"%d",fd);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1334:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1345:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (lock,O_RDWR,shlock_mode)) >= 0) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1348:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (lock,O_RDWR|O_CREAT|O_EXCL,shlock_mode);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1364:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't lock for write: %.80s must have 1777 protection",
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1382:53: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(read (fd,tmp,i) == i) && !(tmp[i] = 0) && ((i = atol (tmp)) > 0))
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1555:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*k,*r,tmp[MAILTMPLEN],tmpx[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1560:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen (file ? file : SYSCONFIG,"r")) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1588:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
createProto = d ? ((*d->open) (NIL)) : &CREATEPROTO;
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1596:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
createProto = (*d->open) (NIL);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1610:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((*d->open) (NIL)) : &EMPTYPROTO;
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1616:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (d) appendProto = (*d->open) (NIL);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1641:51: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_MHALLOWINBOX,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1680:50: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_OPENTIMEOUT,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1682:50: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_READTIMEOUT,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1684:51: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_WRITETIMEOUT,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1686:49: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_RSHTIMEOUT,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1688:49: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_SSHTIMEOUT,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1690:53: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_MAXLOGINTRIALS,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1692:48: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_LOOKAHEAD,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1694:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_PREFETCH,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1696:51: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_CLOSEONERROR,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1698:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_IMAPPORT,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1700:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_POP3PORT,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1702:51: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_UIDLOOKAHEAD,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1704:50: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_TRYSSLFIRST,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1707:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mbx_protection = atol (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1709:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dir_protection = atol (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1711:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dotlock_mode = atol (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1713:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ftp_protection = atol (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1715:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
public_protection = atol (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1717:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shared_protection = atol (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1719:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ftp_dir_protection = atol (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1721:28: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
public_dir_protection = atol (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1723:28: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shared_dir_protection = atol (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1725:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locktimeout = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1727:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fcntlhangbug = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1729:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
disableLockWarning = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1731:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
has_no_life = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1733:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hideDotFiles = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1735:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
list_max_level = atol (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1737:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_TRUSTDNS,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1739:54: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_SASLUSESPTRNAME,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1741:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
netfsstatbug = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1743:48: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_NNTPRANGE,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1761:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
disablePlaintext = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1763:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
logtry = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1765:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
closedBox = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1774:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
advertisetheworld = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1776:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
limitedadvertise = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1779:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
noautomaticsharedns = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1781:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
allowuserconfig = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1783:56: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mail_parameters (NIL,SET_ALLOWREVERSEDNS,(void *) atol (k));
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1785:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
kerb_cp_svr_name = atoi (k);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.h:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/flockcyg.c:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/flocklnx.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:142:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected file locking failure: %.100s",
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:192:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,O_RDWR,0)) < 0) abort();
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:199:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd2 = open (file,O_RDWR,0)) < 0) abort ();
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:209:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,O_RDWR,0666)) < 0) abort ();
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:246:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,O_RDWR,0)) < 0) abort();
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:249:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd2 = open (file,O_RDWR,0)) < 0) abort ();
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:259:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,O_RDWR,0666)) < 0) abort ();
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,event[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:380:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Execution process event string too long: %.500s",event);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:398:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Failed to pipe %lu bytes (of %lu), last=%u: %.100s",
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:413:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid log event arguments: %.500s",event);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:427:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid notify event arguments: %.500s",event);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:454:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid status event arguments: %.500s",event);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:486:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid diskerror event arguments: %.500s",event);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:492:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown event from execution process: %.500s",event);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:500:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Execution process terminated abnormally (%lx)",ret);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:765:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:778:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown master response for diskerror: %c",c);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:819:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:832:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"Pipe broken reading %.100s with %lu bytes remaining",error,n);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:850:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:865:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (c == EOF) sprintf (tmp,"Pipe broken after flag size %lu",n);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:866:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Missing delimiter after flag size %lu: %c",n,c);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:873:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (c == EOF) sprintf (tmp,"Pipe broken after date size %lu",n);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:874:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"Missing delimiter after date size %lu: %c",n,c);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:881:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (c == EOF) sprintf (tmp,"Pipe broken after message size %lu",n);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:882:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Missing delimiter after message size %lu: %c",n,c);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:900:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown master response for append: %c",c);
data/uw-imap-2007f~dfsg/src/osdep/unix/ip4_unix.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&SADR4ADR (sadr),adr,adrlen);
data/uw-imap-2007f~dfsg/src/osdep/unix/ip4_unix.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **adl,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:81:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[NI_MAXHOST];
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:140:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (adr,(void *) &SADR4ADR (ai->ai_addr),*len);
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:144:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (adr,(void *) &SADR6ADR (ai->ai_addr),*len);
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:180:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&SADR4ADR (sadr),adr,adrlen);
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&SADR6ADR (sadr),adr,adrlen);
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:207:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[NI_MAXHOST];
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:236:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lcname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ipo_unix.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&SADR4ADR (sadr),adr,adrlen);
data/uw-imap-2007f~dfsg/src/osdep/unix/ipo_unix.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/kerb_mit.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kuser[NETMAXUSER];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN]; /* buffer to write lock name */
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,*t,hdr[HDRSIZE];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:216:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (tmp,(flags ? O_RDWR : O_RDONLY)|O_BINARY,NIL)) >= 0)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:273:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hdr,"%08lx",++(*stream)->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:290:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hdr,"%08lx",(*stream)->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:385:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,mbx[MAILTMPLEN],tmp[HDRSIZE];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:389:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mbx,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:396:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mbx,O_WRONLY|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:403:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s = tmp,"*mbx*\015\012%08lx00000000\015\012",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:446:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:459:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDWR|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:472:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:561:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:568:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:572:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_RDWR|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:573:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_RDONLY|O_BINARY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:806:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:856:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",i);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:896:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",nexp);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:900:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:917:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hdr,*txt,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:941:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:958:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"1:%lu",r);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:992:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1009:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1014:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid MBX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1019:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MBX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1038:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1065:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%08lx",dstream->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1133:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1137:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MBX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1141:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MBX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1166:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1261:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu!",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1313:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to find CRLF at %lu in %lu bytes, text: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1322:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse internal header at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1332:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message flags at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1342:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message UID at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1352:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message size at %lu: %.80s,%.80s;%.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1361:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1372:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid UID %08lx in message %lu, rebuilding UIDs",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1399:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to parse message date at %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1501:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag read!",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1549:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"*mbx*\015\012%08lx%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1557:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
while (i++ < NUSERFLAGS) strcat (s,"\015\012");
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1558:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf + HDRSIZE - 10,"%08lx\015\012",LOCAL->lastpid);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1585:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Mailbox shrank from %lu to %lu in flag update!",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1605:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%08lx%04x-%08lx",elt->user_flags,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1701:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1833:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1852:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (LOCAL->lock,lock,MAILTMPLEN);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:64:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[CHUNKSIZE]; /* temporary buffer */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,altname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:202:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%.900s not found, mh format names disabled",mh_profile);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:210:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (altname,"#mh%.900s",tmp+i);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:249:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mh_profile = cpystr (tmp),O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:344:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,test[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,test[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp,*np,curdir[MAILTMPLEN],name[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:426:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (name,"#mh/");
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:480:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:482:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: invalid MH-format name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:485:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:507:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:510:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:546:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:548:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: invalid MH-format name",
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:552:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists",
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:580:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:670:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (LOCAL->buf,O_RDONLY,NIL)) >= 0)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:847:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:858:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open mailbox %.80s: no such mailbox",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:872:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((j = atoi (names[i]->d_name)) > old) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:905:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (LOCAL->buf,O_WRONLY|O_CREAT|O_EXCL,
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:930:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);/* delete it from the sysinbox */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:939:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message copy to MH mailbox failed: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1012:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1040:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[MAILTMPLEN],date[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1049:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (LOCAL->buf,O_RDONLY,NIL)) < 0) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1067:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->seen) strcat (flags," \\Seen");
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1068:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->deleted) strcat (flags," \\Deleted");
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1069:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (flags," \\Flagged");
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1070:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (flags," \\Answered");
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1071:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (flags," \\Draft");
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1098:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*flags,*date,*s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1121:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MH-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1125:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MH-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1133:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
last = atoi (names[nfiles-1]->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1150:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1157:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp),"/%ld",++last);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1158:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (tmp,O_WRONLY|O_CREAT|O_EXCL,
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1214:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi ((*(struct direct **) d1)->d_name) -
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1215:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi ((*(struct direct **) d2)->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1232:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (dst,"%.900s/%.80s",path,MHINBOXDIR);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1234:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (*name == '#') sprintf (dst,"%.100s/%.900s",path,name + 4);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1251:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:397:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:405:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"Can't create mailbox %.80s: invalid MIX-format name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:409:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:414:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: %.80s",mailbox,strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:415:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!(f = fopen (file,"w")))
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:416:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't re-open metadata %.80s: %.80s",mailbox,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:434:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mix mailbox index: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:439:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mix mailbox status: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:443:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"%08lx",now);/* message file */
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:445:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mix mailbox data: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:468:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:470:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:471:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (((fd = open (tmp,O_RDWR,NIL)) < 0) || flock (fd,LOCK_EX|LOCK_NB))
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:472:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't lock mailbox for delete: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:490:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete name %.80s: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:511:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:515:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:516:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (((fd = open (tmp,O_RDWR,NIL)) < 0) || flock (fd,LOCK_EX|LOCK_NB))
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:517:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't lock mailbox for rename: %.80s",old);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:519:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: invalid MIX-format name",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:523:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:576:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s to %.80s: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:618:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((LOCAL->mfd = open (mix_file (LOCAL->buf,stream->mailbox,MIXMETA),
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:621:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((LOCAL->mfd = open (mix_file (LOCAL->buf,stream->mailbox,MIXMETA),
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:712:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:720:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,stream->mailbox,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:746:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Inconsistency in mix message size, uid=%lx (%lu != %lu)",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:783:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,stream->mailbox,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:931:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *message,date[MAILTMPLEN],flags[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:958:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->seen) strcat (flags," \\Seen");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:959:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (flags," \\Flagged");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:960:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (flags," \\Answered");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:961:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (flags," \\Draft");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:966:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence[15];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:967:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sequence,"%lu",i);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:975:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't copy new mail at message: %lu",i - 1);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1087:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't locate mix message file %.08lx",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1101:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1131:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (nexp) sprintf (s = LOCAL->buf,"Expunged %lu messages",nexp);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1133:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s=LOCAL->buf,"Reclaimed %lu bytes of expunged space",reclaimed);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1189:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Backwards-running mix index %lu < %lu",start,s->last);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1245:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (((fd = open (LOCAL->buf,O_RDWR,NIL)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1247:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Error opening mix message file %.80s: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1265:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Bad message token in mix message file at %lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1336:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected short mix message file %.80s %lu < %lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2*MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1367:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1415:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((LOCAL->msgfd = open (mix_file_data (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1436:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->seen) strcat (tmp," \\Seen");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1437:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->deleted) strcat (tmp," \\Deleted");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1438:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (tmp," \\Flagged");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1439:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (tmp," \\Answered");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1440:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (tmp," \\Draft");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1474:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message copy failed: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1486:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error opening copy message file: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1525:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1564:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1591:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message append failed: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1602:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error opening append message file: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1732:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (LOCAL->index,iflags ? O_RDWR : O_RDONLY,NIL)) < 0)
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1784:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1785:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"flag rename old=%.80s new=%.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1817:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,*msg,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1858:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"mix index invalid UID (%08lx < %08lx)",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1864:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,", repaired");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1882:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"mix index data unexpunged UID: %lx",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1898:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"mix index data mismatch: %lx",uid);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1913:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"mix index UID mismatch (%lx < %lx)",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1952:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,", repaired");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1961:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Missing mix data file: %.500s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1987:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp,", repaired");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2009:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unknown record in mix index file: %.500s",s);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2028:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (LOCAL->status,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2041:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2105:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2230:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2311:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2359:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error updating mix status file: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2400:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*fd = open (mix_file_data (LOCAL->buf,stream->mailbox,LOCAL->newmsg),
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2410:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"short mix message file %.08lx (%ld > %ld), rolling",
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2415:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
while ((*fd = open (mix_file_data
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*msg,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2451:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (((fd = open (LOCAL->sortcache,O_RDWR|O_CREAT,sbuf.st_mode)) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2452:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
!(rdonly = ((fd = open (LOCAL->sortcache,O_RDONLY,NIL)) >= 0)))
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2719:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2753:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2802:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (dst,"%.500s/%.80s%.80s",dir,MIXNAME,name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2816:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2817:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (data) sprintf (tmp,"%08lx",data);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:367:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:374:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:465:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:470:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:478:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (mbx,O_WRONLY,
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:532:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:547:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:598:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:610:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:637:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Trying to get mailbox lock from process %ld",i);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:655:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%d",getpid ());
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:835:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,*t,*tl,tmp[CHUNKSIZE];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:999:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1025:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1051:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1056:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid MMDF-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1061:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MMDF-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1071:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1197:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1201:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MMDF-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1205:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MMDF-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1212:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1219:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (!(sf = tmpfile ())) { /* must have scratch file */
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1220:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1221:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1222:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1231:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1243:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1253:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1267:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *x,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1501:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1505:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,flags,mode)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1509:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1571:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1601:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted",
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1628:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1825:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu already has UID %lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1830:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu less than %lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1836:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu greater than last %lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1912:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1931:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1932:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Discarding bogus continuation in msg %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2062:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (LOCAL->linebuf,bs->curpos,i);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2088:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,LOCAL->linebuf,i);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2091:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + i,bs->curpos,k = min (j,bs->cursize));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,stack[64];
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2398:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((LOCAL->fd = open (stream->mailbox,O_RDWR,
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2459:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,k = min (j,size));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2515:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,size);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2543:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:183:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:284:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:297:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:310:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:396:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:404:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:408:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:409:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:410:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open mailbox: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:601:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:660:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hdr,*txt,lock[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:686:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:703:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"1:%lu",r);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:740:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:821:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:828:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:867:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:878:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:883:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid MTX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:888:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MTX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:895:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mtx_file (file,mailbox),O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:969:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:991:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:995:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MTX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:999:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MTX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1007:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (mtx_file (file,mailbox),O_WRONLY|O_APPEND,NIL)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1033:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1086:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1113:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu!",
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1179:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1301:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:349:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:353:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: invalid MX-format name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:357:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create mailbox %.80s: mailbox already exists",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:386:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:388:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't delete mailbox %.80s: no such mailbox",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:424:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],tmp1[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:427:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename mailbox %.80s: no such mailbox",old);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:429:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: invalid MX-format name",
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:433:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't rename to mailbox %.80s: destination already exists",
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:629:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (mx_fast_work (stream,elt),O_RDONLY,NIL)) < 0) return "";
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:721:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:739:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((j = atoi (names[i]->d_name)) > old) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:770:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (LOCAL->buf,O_WRONLY|O_CREAT|O_EXCL,
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:795:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%lu",i);/* delete it from the sysinbox */
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:803:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message copy to MX mailbox failed: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:875:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:905:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:913:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a MX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:939:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ret = ((fd = open (mx_fast_work (stream,elt),O_RDONLY,NIL))
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:953:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->seen) strcat (tmp," \\Seen");
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:954:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->deleted) strcat (tmp," \\Deleted");
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:955:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->flagged) strcat (tmp," \\Flagged");
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:956:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->answered) strcat (tmp," \\Answered");
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:957:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (elt->draft) strcat (tmp," \\Draft");
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:994:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1012:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid MX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1016:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a MX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1039:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1067:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1073:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_WRONLY|O_CREAT|O_EXCL,
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1130:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi ((*(struct direct **) d1)->d_name) -
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1131:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi ((*(struct direct **) d2)->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*idx,tmp[2*MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1168:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(LOCAL->fd = open (strcat (strcpy (tmp,stream->mailbox),MXINDEXNAME),
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1219:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error in index: %.80s",s);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MXIXBUFLEN + 64];
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1247:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s = tmp,"V%08lxL%08lx",stream->uid_validity,stream->uid_last);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1259:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"M%08lx;%08lx.%04x",elt->private.uid,elt->user_flags,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:54:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[CHUNKSIZE]; /* scratch buffer */
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:157:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open ((char *) mail_parameters (NIL,GET_NEWSACTIVE,NIL),O_RDONLY,
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*u,*r,pattern[MAILTMPLEN],name[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:225:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open ((char *) mail_parameters (NIL,GET_NEWSACTIVE,NIL),
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:231:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (name,"#news."); /* write initial prefix */
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:256:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:378:2: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi (names[i]->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:422:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi ((*(struct direct **) d1)->d_name) -
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:423:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi ((*(struct direct **) d2)->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:500:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((fd = open (LOCAL->buf,O_RDONLY,NIL)) >= 0)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/opendir.c:38:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open (name,O_RDONLY,NIL);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_a32.h:43:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_a41.h:43:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_a52.h:46:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_aix.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *tzname[2];
data/uw-imap-2007f~dfsg/src/osdep/unix/os_aix.c:59:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_aos.c:56:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_bsd.c:56:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_bsf.c:51:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_bsi.c:51:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_cvx.c:54:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_d-g.h:49:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_do4.c:55:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_dyn.c:55:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_dyn.h:53:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy memmove
data/uw-imap-2007f~dfsg/src/osdep/unix/os_hpp.c:58:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_hpp.c:76:42: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (uname (&udata)) ? 0xfeedface : atol (udata.__idnumber);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_hpp.h:54:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_lnx.c:51:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_mnt.c:50:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_nto.h:63:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_nxt.c:50:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_osx.c:50:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_ptx.c:65:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_ptx.h:56:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_pyr.h:50:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy memmove
data/uw-imap-2007f~dfsg/src/osdep/unix/os_s40.c:56:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sc5.h:59:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sco.h:59:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sgi.h:52:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_shp.c:60:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_shp.c:78:42: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (uname (&udata)) ? 0xfeedface : atol (udata.__idnumber);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_shp.h:54:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_slx.c:53:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sol.c:62:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_soln.h:72:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_solo.h:69:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sua.c:50:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sun.c:56:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sun.h:49:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy memmove
data/uw-imap-2007f~dfsg/src/osdep/unix/os_sv4.h:63:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2]);
data/uw-imap-2007f~dfsg/src/osdep/unix/os_ult.c:49:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/os_vu2.c:75:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
#define fork vfork
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN]; /* temporary buffer */
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:257:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:268:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:310:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"User-Number-%ld",(long) sbuf.st_uid);
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:525:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:546:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:549:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't append - not in valid mailbox format: %.80s",s);
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:550:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"Can't append - invalid name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[SSLBUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:101:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
while ((fd = open (tmpnam (tmp),O_WRONLY|O_CREAT|O_EXCL,0600)) < 0)
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:107:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp),"%.80s%lx%.80s%lx%lx%lx%lx%lx",
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *reason,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:175:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Certificate failure for %.80s: %.512s",host,reason);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:188:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"TLS/SSL failure for %.80s: %.512s",host,reason);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*err,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:292:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *err,cert[256],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:316:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"*%.128s: %.255s",err,cert);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:418:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:445:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:451:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:478:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer,stream->iptr,n);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:529:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:530:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (s = tmp,"SSL data read I/O error %d SSL error %d",
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:582:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:583:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"SSL data write I/O error %d SSL error %d",
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:680:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:701:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cert[MAILTMPLEN],key[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/sslstdio.c:143:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sslstdio->optr,t,j = min (i,sslstdio->octr));
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*hostname,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:182:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:187:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"DNS resolution %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:193:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"No such host as %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:320:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[MAILTMPLEN],tmp[MAILTMPLEN],*path,*argv[MAXARGV+1],*r;
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:352:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:365:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:366:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (msg,"Trying %.100s",tmp);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:467:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:494:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:500:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:527:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s,stream->iptr,n); /* yes, slurp as much as we can from it */
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:560:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:561:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (s = tmp,"TCP buffer read I/O error %d",errno);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:616:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:617:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (s = tmp,"TCP data read I/O error %d",errno);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:684:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:685:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"TCP write I/O error %d",errno);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:828:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*v,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:833:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (v = tmp,"%.80s=%.80s",t,s);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:920:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,host[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:928:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (host,"DNS canonicalization %.80s",name);
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:947:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,*t,adr[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:948:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ret = adr,"[%.80s]",ip_sockaddrtostring (sadr));
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.h:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:180:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:190:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,*s,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:304:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:317:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:411:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:415:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open (tmp,O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:416:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tmp,O_RDONLY,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:690:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:749:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hdr,*txt,lock[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:775:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:792:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"1:%lu",r);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:829:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:911:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:918:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Expunged %lu messages",n);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:957:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:968:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:973:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid Tenex-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:978:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a Tenex-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:985:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (tenex_file(file,mailbox),O_RDWR,NIL)) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1059:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1081:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1085:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid TENEX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1089:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a TENEX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1097:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open (tenex_file (file,mailbox),O_WRONLY|O_APPEND,NIL)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1123:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1216:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1225:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu!",
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1291:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Last message (at %lu) runs past end of file (%lu > %lu)",
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1413:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"%010lo%02o",k,(unsigned)
data/uw-imap-2007f~dfsg/src/osdep/unix/tz_bsd.c:37:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s + strlen (s)," (%.50s)",((struct tm *) t)->tm_zone);
data/uw-imap-2007f~dfsg/src/osdep/unix/tz_sv4.c:37:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s + strlen (s)," (%.50s)",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:222:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,O_RDONLY,NIL)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],*s,*t,c = '\n';
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,mbx[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:330:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create %.80s: invalid name",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:338:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (mbx,O_WRONLY,
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:393:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN],file[MAILTMPLEN],lock[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:408:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox %.80s is in use by another process",old);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:459:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:471:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't open - invalid name: %.80s",stream->mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:498:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Trying to get mailbox lock from process %ld",i);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:516:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"%d",getpid ());
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:696:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,*t,*tl,tmp[CHUNKSIZE];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:860:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (i) sprintf (msg = LOCAL->buf,"Expunged %lu messages",i);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:885:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:916:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:921:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:926:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Not a UNIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:936:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (LOCAL->buf,"Unable to write-open mailbox for COPYUID: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1031:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags,*date,buf[BUFLEN],tmp[MAILTMPLEN],file[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1060:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't access destination: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1064:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Invalid UNIX-format mailbox name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1068:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Not a UNIX-format mailbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1075:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to examine mailbox for APPEND: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1082:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (!(sf = tmpfile ())) { /* must have scratch file */
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1083:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,".%lx.%lx",(unsigned long) time (0),(unsigned long)getpid ());
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1084:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!stat (tmp,&sbuf) || !(sf = fopen (tmp,"wb+"))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1085:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1094:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad date in append: %.80s",date);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1106:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error writing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1116:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error finishing scratch file: %.80s",strerror (errno));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1131:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to re-open mailbox for APPENDUID: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *x,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1372:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1376:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fd = open (file,flags,mode)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1380:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (file,flags,mode)) >= 0) flock (fd,op);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1442:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c,*s,*t,*u,tmp[MAILTMPLEN],date[30];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1472:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Mailbox shrank from %lu to %lu bytes, aborted",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1499:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unexpected changes to mailbox (try restarting): %.20s",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1661:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu already has UID %lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1666:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu less than %lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1672:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Message %lu UID %lu greater than last %lu",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1748:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1767:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1768:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (err,"Discarding bogus continuation in msg %lu: %.80s",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1905:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (LOCAL->linebuf,bs->curpos,i);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1931:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,LOCAL->linebuf,i);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1934:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + i,bs->curpos,k = min (j,bs->cursize));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1965:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1992:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t,stack[64];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2252:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((LOCAL->fd = open (stream->mailbox,O_RDWR,
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2313:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,k = min (j,size));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2369:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (f->bufpos,buf,size);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2397:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2475:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2477:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't create non-INBOX name as mbox: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2504:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2703:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2705:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't append to that name: %.80s",mailbox);
data/uw-imap-2007f~dfsg/src/osdep/unix/utime.c:37:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int portable_utime (char *file,time_t timep[2])
data/uw-imap-2007f~dfsg/src/osdep/vms/dummyvms.c:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/dummyvms.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/dummyvms.c:291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.c:67:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/os_vms.c:71:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pwd[PWDLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vms.h:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:67:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to assign to net, status=%d",status);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:72:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create local socket, status=%d",status);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:133:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:160:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:166:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bufptr,stream->iptr,n);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:222:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Error reading from TcpIp/NETLIB, status=%d",status);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:343:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:348:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Can't get local hostname, status=%d",status);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:107:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:122:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sin.sin_addr,host_name->h_addr,host_name->h_length);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:125:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"No such host as %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:141:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create selectable TCP socket (%d >= %d)",
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:233:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:239:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:267:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bufptr,stream->iptr,n);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:445:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:462:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsn.c:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsn.c:52:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (port) sprintf (tmp,"Can't connect to %.80s,%d: no TCP",host,port);
data/uw-imap-2007f~dfsg/src/osdep/wce/dummywce.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/dummywce.c:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/dummywce.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:85:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/nl_wce.c:47:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (srcl) memcpy (*dst,src,(size_t) srcl);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:117:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to start Windows Sockets (%d)",i);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:137:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Bad format domain-literal: %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:152:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"DNS resolution %.80s",host);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:169:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sin.sin_addr,s,he->h_length);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:212:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create TCP socket (%d)",WSAGetLastError());
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:281:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret + n,stc->text.data,stc->text.size);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:308:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret,s,*size = n); /* copy into a free storage string */
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:314:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret = (char *) fs_get (n)),s,*size = n);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:341:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s,stream->iptr,n); /* yes, slurp as much as we can from it */
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:724:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,host[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:731:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (host,"DNS canonicalization %.80s",name);
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:750:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret,*t,adr[MAILTMPLEN],tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:751:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ret = adr,"[%.80s]",inet_ntoa (sin->sin_addr));
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:785:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.h:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[BUFLEN]; /* input buffer */
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:79:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk[CHUNKLEN];
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:135:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:171:67: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (s[2] && ((s[2] == '-') || isdigit (s[2]))) precedence = atol (s + 2);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:173:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
precedence = atol (s);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:196:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
else if (!(f = tmpfile ())) ret = fail ("can't make temp file",EX_TEMPFAIL);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:205:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pwd) sprintf (tmp,"user %.80s",pwd->pw_name);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:206:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (tmp,"UID %ld",(long) ruid);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:207:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmp," is not privileged to use -b or -I");
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,*mailbox,tmp[MAILTMPLEN],path[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:287:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"no such user as %.80s",user);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:297:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"unable to log in UID %ld from UID %ld",
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:303:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"delivering to %.80s+%.80s",user,mailbox ? mailbox : "INBOX");
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:317:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"invalid mailbox name %.80s+%.80s",user,mailbox);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:343:47: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(s[1] || ((t = strstr (path,"&&&&&")) && strcpy (t,"INBOX"))))) {
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:345:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to resolve driver in %.80s, -I ignored",inbox);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:362:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to resolve %.80s, -I ignored",inbox);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:372:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Unable to create %.80s, -I ignored",path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:393:35: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(s = strstr (path,"&&&&&")) && strcpy (s,"INBOX") &&
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:409:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!ibxpath (ds = format ? (format->open) (NIL) : default_proto (NIL),
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:427:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"attempting to create mailbox %.80s path %.80s",mailbox,path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:431:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"created %.80s",path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:446:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:461:39: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(s = strstr (path,"&&&&&")) && strcpy (s,"INBOX")) ? T : NIL;
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:488:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WARNING: directory %.80s is listable",path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:494:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WARNING: multiple links to file %.80s",path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:498:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WARNING: file %.80s is executable",path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:503:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WARNING: file %.80s is publicly-writable",path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:507:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"WARNING: file %.80s is publicly-readable",path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:519:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"message delivery failed to %.80s",path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:523:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"delivered to %.80s",path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:540:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"Verifying safe delivery to %.80s by UID %ld",path,(long) uid);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:543:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp,"delivery to %.80s unsafe: ",path);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:547:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp),"uid mismatch (%ld != %ld)",
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:554:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (sbuf->st_mode & S_ISUID) strcat (tmp,"setuid file");
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:556:39: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (sbuf->st_mode & S_ISGID) strcat (tmp,"setgid file");
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:559:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case S_IFCHR: strcat (tmp,"character special"); break;
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:560:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case S_IFBLK: strcat (tmp,"block special"); break;
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:561:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case S_IFLNK: strcat (tmp,"symbolic link"); break;
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:562:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case S_IFSOCK: strcat (tmp,"socket"); break;
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:564:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp + strlen (tmp),"file type %07o",(unsigned int) type);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:703:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAILTMPLEN];
data/uw-imap-2007f~dfsg/tools/uahelper.c:229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s,*t,line[LINELENGTH];
data/uw-imap-2007f~dfsg/src/c-client/auth_ext.c:65:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*responder) (stream,strcpy (user,mb->user),strlen (mb->user))) {
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:70:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.length = strlen (buf.value = tmp);
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:145:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.length = strlen (buf.value = tmp);
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:208:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.value = tmp; buf.length = strlen (user) + 4;
data/uw-imap-2007f~dfsg/src/c-client/auth_gss.c:333:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.length = strlen (buf.value = tmp);
data/uw-imap-2007f~dfsg/src/c-client/auth_log.c:76:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((*responder) (stream,user,strlen (user)) &&
data/uw-imap-2007f~dfsg/src/c-client/auth_log.c:80:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*responder) (stream,pwd,strlen (pwd))) {
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:116:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pwd,strlen (pwd)));
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:119:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*responder) (stream,pwd,strlen (pwd))) {
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:155:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (user = (*responder) (chal,cl = strlen (chal),NIL)) {
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:163:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pl = strlen (p);
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:195:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,buf = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size);
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:244:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset (s,0,strlen (s)); /* erase sensitive information */
data/uw-imap-2007f~dfsg/src/c-client/auth_md5.c:246:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_update (&ctx,(unsigned char *) tmp,strlen (tmp));
data/uw-imap-2007f~dfsg/src/c-client/auth_pla.c:82:2: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (mb->authuser) + strlen (user) + strlen (pwd) + 2;
data/uw-imap-2007f~dfsg/src/c-client/auth_pla.c:82:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (mb->authuser) + strlen (user) + strlen (pwd) + 2;
data/uw-imap-2007f~dfsg/src/c-client/auth_pla.c:82:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (mb->authuser) + strlen (user) + strlen (pwd) + 2;
data/uw-imap-2007f~dfsg/src/c-client/auth_pla.c:125:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((((unsigned long) ((user = aid + strlen (aid) + 1) - aid)) < len) &&
data/uw-imap-2007f~dfsg/src/c-client/auth_pla.c:126:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(((unsigned long) ((pass = user + strlen (user) + 1) - aid)) < len) &&
data/uw-imap-2007f~dfsg/src/c-client/auth_pla.c:127:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(((unsigned long) ((pass + strlen (pass)) - aid)) == len) &&
data/uw-imap-2007f~dfsg/src/c-client/flstring.c:74:23: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*s->curpos = (char) getc ((FILE *) s->data);
data/uw-imap-2007f~dfsg/src/c-client/flstring.c:90:23: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*s->curpos = (char) getc ((FILE *) s->data);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:535:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (prefix,ref,pl); /* build prefix */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:545:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (prefix,pat,pl); /* build prefix */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:704:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(mailbox + strlen (mailbox) + 1) : NIL);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:749:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,")");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:808:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:908:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mb.host,(long) mail_parameters(NIL,GET_SASLUSESPTRNAME,NIL)?
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:958:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),":%lu",i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:971:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:974:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,"}");
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1081:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (imap_challenge (stream,&i)) imap_response (stream,s,strlen (s));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1249:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (reply->text),len))) {
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1393:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len - (slen = (t += strlen (t)) - s)) < 20) {
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1403:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen (s); /* end of buffer */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1499:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k && set && (((s += strlen (s)) - seq) < (MAXCOMMAND - 30));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1519:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),",%lu",i++);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1523:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),",%lu:%lu",i,x);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1537:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),",%lu",i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1545:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s); /* find string end, see if nearing end */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1552:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i != --j) sprintf (s + strlen (s),":%lu",i = j);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1572:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (imap_extrahdrs) sprintf (tmp + strlen (tmp)," %s %s %s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1575:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else sprintf (tmp + strlen (tmp)," %s %s",
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1708:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp,section,t-section);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1891:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s); /* find string end, see if nearing end */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:1898:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i != --j) sprintf (s + strlen (s),":%lu",i = j);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2091:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s); /* point at end of string */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2099:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s); /* point at end of string */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2225:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len - (j = ((t += strlen (t)) - s)) < 20)) {
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2234:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen (s); /* end of buffer */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2408:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s); /* point at end of string */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2413:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s); /* point at end of string */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2796:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->text.size = strlen((char *) (l->text.data = (unsigned char*)cpystr(v->attr)));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:2799:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->text.size = strlen((char *) (l->text.data = (unsigned char*)cpystr(v->value)));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3018:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = CMDBASE + strlen (CMDBASE);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3027:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3038:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
st.size = strlen ((char *) (st.data = (unsigned char *) arg->text));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3043:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
st.size = strlen ((char *) (st.data = (unsigned char *) arg->text));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3128:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((i = strlen (t = (char *) arg->text)) <= (size_t) MAXCOMMAND)
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3161:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
st.size = strlen ((char *) (st.data = (unsigned char *) arg->text));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3194:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
st.size = strlen ((char *) (st.data = (unsigned char *)
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3226:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3332:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*s += strlen (*s); /* size of literal count */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3401:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*s += strlen (*s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3405:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*s += strlen (*s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3438:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*s += strlen (*s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3442:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*s += strlen (*s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3567:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*s += strlen (*s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3575:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*s += strlen (*s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3632:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*s += strlen (*s);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3673:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s = (char *) fs_get ((i = strlen (string) + 2) + 1),
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:3751:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LOCAL->reply.text = LOCAL->reply.key + strlen (LOCAL->reply.key);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4129:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strcpy (strncpy (LOCAL->tmp,stream->mailbox,i) + i,t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4165:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (LOCAL->prefix && ((strlen (LOCAL->prefix) + j) < IMAPTMPLEN))
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4412:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen (LOCAL->prefix) + strlen (reply->text)) < IMAPTMPLEN))
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4412:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen (LOCAL->prefix) + strlen (reply->text)) < IMAPTMPLEN))
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:4445:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (s = strchr (strncpy (t = LOCAL->tmp,s,i),' ')) *s++ = '\0';
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5026:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
ret = strncpy ((char *) fs_get (i + 1),s,i);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5787:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rs = LOCAL->reform = (char *) fs_get (1+ strlen (sequence));
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5790:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (rs,s,i = t - s); /* copy string up to that point */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5802:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!tl) tl = t + strlen (t);
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5806:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (rs,s,i = tl - s);/* copy string up to that point */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5811:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (rs,t,i = tl - t);/* swap the order */
data/uw-imap-2007f~dfsg/src/c-client/imap4r1.c:5813:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (rs+i+1,s,j = (t-1) - s);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:679:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (mailbox) < (NETMAXHOST+(NETMAXUSER*2)+NETMAXMBX+NETMAXSRV+50))
data/uw-imap-2007f~dfsg/src/c-client/mail.c:750:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((j = t - v) < MAILTMPLEN) && (strlen (t+1) < (size_t) NETMAXMBX)))
data/uw-imap-2007f~dfsg/src/c-client/mail.c:752:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mb->host,name,i); /* set host name */
data/uw-imap-2007f~dfsg/src/c-client/mail.c:753:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mb->orighost,name,i);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:757:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (t = tmp,v,j); /* copy it */
data/uw-imap-2007f~dfsg/src/c-client/mail.c:790:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (v); /* length of argument */
data/uw-imap-2007f~dfsg/src/c-client/mail.c:864:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ref && (strlen (ref) > NETMAXMBX)) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:870:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pat) > NETMAXMBX) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:899:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ref && (strlen (ref) > NETMAXMBX)) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:905:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pat) > NETMAXMBX) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:932:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ref && (strlen (ref) > NETMAXMBX)) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:938:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pat) > NETMAXMBX) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1001:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (mailbox) >= (NETMAXHOST+(NETMAXUSER*2)+NETMAXMBX+NETMAXSRV+50)) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1028:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp,t,i);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1201:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp,name+6,i); /* copy snarf mailbox name */
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1219:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mb.port) sprintf (tmp + strlen (tmp),":%lu",mb.port);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1220:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mb.user[0]) sprintf (tmp + strlen (tmp),"/user=%.64s",mb.user);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1724:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (section && (strlen (section) > (MAILTMPLEN - 20))) return "";
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1815:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (section && (strlen (section) > (MAILTMPLEN - 20))) return "";
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1870:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (section && (strlen (section) > (MAILTMPLEN - 20))) return "";
data/uw-imap-2007f~dfsg/src/c-client/mail.c:1936:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (section) > (MAILTMPLEN - 20)) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2014:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (section && (strlen (section) > (MAILTMPLEN - 20))) return NIL;
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2274:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (s,t,(size_t) min (length,(long) strlen (t)));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2293:28: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (env && env->subject) strncpy (s,env->subject,(size_t) length);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2447:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (uf = elt->user_flags,s = flags + strlen (flags);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2449:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((MAILTMPLEN - (s - tmp)) > (long) (2 + strlen (f)));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2450:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s)) sprintf (s," %s",f);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2595:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (mailbox) >=
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2856:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s && *s && (strlen (s) < (size_t)MAILTMPLEN)) s = ucase (strcpy (tmp,s));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:2884:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (s) < (size_t) 5) return NIL;
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3626:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h.size = strlen (s); /* yes, get its size */
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3724:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (prefix && (strlen (prefix) > (MAILTMPLEN - 20))) return NIL;
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3740:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
s = prefix ? strcat (sect,".") : "";
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3762:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
mail_search_body (stream,msgno,body,strcat (sect,"."),1,flags);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3891:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (tadr.mailbox = a->mailbox) ? 4 + 2*strlen (a->mailbox) : 3;
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3892:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tadr.personal = a->personal) k += 3 + 2*strlen (a->personal);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3893:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tadr.adl = a->adl) k += 3 + 2*strlen (a->adl);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3894:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tadr.host = a->host) k += 3 + 2*strlen (a->host);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:3900:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((k = strlen (tmp)) + txt.size) > i)
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4129:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (d = strtok_r (c,end,r)) n = strlen (d);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4344:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (x,v,strlen (v));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4380:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (x,v,strlen (v));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4385:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (x,v+1,strlen (v+1));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4413:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (x,v,strlen (v));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4418:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (x,v+1,strlen (v+1));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4446:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (x,v,strlen (v));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4451:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (x,v+1,strlen (v+1));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4480:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (x,v,strlen (v));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4510:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (src.size = strlen (t)) { /* have non-empty subject? */
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4523:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (slen = dst.size; s; slen = strlen (s)) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4579:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s[i = strlen (s) - 1] == ']')) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:4900:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),":%lu",mail_uid (stream,sc[j]->num));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5164:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (ret = (char *) fs_get (strlen (adr->mailbox) +
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5165:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (adr->host) + 2),"%s@%s",
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5189:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret->text.size = strlen (t);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5193:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur->next->text.size = strlen (t);
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5434:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((i = (*flag == '(')) ^ (flag[strlen (flag)-1] == ')')) ||
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5435:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (flag) >= MAILTMPLEN)) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5440:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (n = tmp,flag+i,(j = strlen (flag) - (2*i)));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5440:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (n = tmp,flag+i,(j = strlen (flag) - (2*i)));
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5463:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (t) <= MAXUSERFLAG)) {
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5644:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdr->line.size = strlen ((char *) (hdr->line.data =
data/uw-imap-2007f~dfsg/src/c-client/mail.c:5646:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdr->text.size = strlen ((char *) (hdr->text.data =
data/uw-imap-2007f~dfsg/src/c-client/mail.c:6183:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (mb->host) >= NETMAXHOST) {
data/uw-imap-2007f~dfsg/src/c-client/misc.c:78:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return string ? strcpy ((char *) fs_get (1 + strlen (string)),string) : NIL;
data/uw-imap-2007f~dfsg/src/c-client/netmsg.c:83:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (t); /* size of line */
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:154:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int showuppers = pattern[strlen (pattern) - 1] == '%';
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:161:60: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (s = lcl; (s < (name + MAILTMPLEN - 1)) && ((c = getc (f)) != EOF) &&
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:174:64: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c != '\015') && (c != '\012') && (c != EOF)) c = getc (f);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:199:59: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (s = tmp; (s < (tmp + MAILTMPLEN - 1)) && ((c = getc (f)) != EOF) &&
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:216:64: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c != '\015') && (c != '\012') && (c != EOF)) c = getc (f);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:220:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc (f)) == '\012') nl[1] = c;
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:260:57: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (s = tmp; (s < (tmp + MAILTMPLEN - 1)) && ((c = getc (f)) != EOF) &&
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:265:59: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c != '\015') && (c != '\012') && (c != EOF)) c = getc (f);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:267:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (f)) == ' ');
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:272:41: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i = 0,j = 0; isdigit (c); c = getc (f)) i = i*10 + (c-'0');
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:273:29: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (c == '-') for (c = getc (f); isdigit (c); c = getc (f))
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:273:56: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (c == '-') for (c = getc (f); isdigit (c); c = getc (f))
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:289:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (f); /* get first character of number */
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:301:61: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c != '\015') && (c != '\012') && (c != EOF)) c = getc (f);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:349:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (f)) != EOF) {
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:353:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc (f)) == '\012') nl[1] = c;
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:389:57: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (s = tmp; (s < (tmp + MAILTMPLEN - 1)) && ((c = getc (bf)) != EOF) &&
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:402:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc (bf)) != EOF) && (c != '\015') && (c != '\012'));
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:404:45: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c == '\015') || (c == '\012')) c = getc (bf);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:407:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (bf); /* get next character */
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:414:25: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else while (((c = getc (bf)) != EOF) && (c != '\015') && (c != '\012'))
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:419:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (((c = getc (bf)) != EOF) && (c != '\012')) ungetc (c,bf);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:453:57: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (s = tmp; (s < (tmp + MAILTMPLEN - 1)) && ((c = getc (f)) != EOF) &&
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:458:59: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c != '\015') && (c != '\012') && (c != EOF)) c = getc (f);
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:461:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (f)) == ' ');
data/uw-imap-2007f~dfsg/src/c-client/newsrc.c:464:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (f);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:334:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int showuppers = pat[strlen (pat) - 1] == '%';
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:420:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((*pat == '.') && (pattern[strlen (pattern) - 1] == '.'))
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:682:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),":%lu",mb.port ? mb.port : nntp_port);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:690:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mb.user[0]) sprintf (tmp + strlen (tmp),"/user=\"%s\"",mb.user);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:732:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = tmp + strlen (tmp); /* end of string */
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:755:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (LOCAL->user) sprintf (tmp + strlen (tmp),"/user=\"%s\"",LOCAL->user);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:757:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else sprintf (tmp + strlen (tmp),"}#news.%s",mbx);
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1743:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mb.host,(long) mail_parameters (NIL,GET_SASLUSESPTRNAME,NIL) ?
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1767:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mb.host,(long) mail_parameters (NIL,GET_SASLUSESPTRNAME,NIL) ?
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1972:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1 : 0)
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:1972:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1 : 0)
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2125:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stream->reply + 4),len))) {
data/uw-imap-2007f~dfsg/src/c-client/nntp.c:2197:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stream->reply = (char *) fs_get (20+strlen (text));
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:431:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),"/user=\"%s\"}%s",usr,mb.mailbox);
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:513:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (s) > 4) && (s[4] == ' ')) s[4] = '\0';
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:524:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (s) > 4) && (s[4] == ' ')) s[4] = '\0';
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:607:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mb->host,(long) mail_parameters (NIL,GET_SASLUSESPTRNAME,NIL) ?
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:700:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (LOCAL->reply),len))) {
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:1038:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1: 0)
data/uw-imap-2007f~dfsg/src/c-client/pop3.c:1038:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1: 0)
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:203:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = env->followup_to = (char *) fs_get (1 + strlen (d));
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:228:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = env->newsgroups = (char *) fs_get (1 + strlen (d));
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:377:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen (s1) + 2; /* length of cookie and header */
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:575:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stl->text.size = strlen ((char *) stl->text.data);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:954:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (s) + 2; /* @ plus domain plus delimiter or NUL */
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1034:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (v = (char *) fs_get (strlen (adr->mailbox) + strlen (s) + 2),
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1034:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (v = (char *) fs_get (strlen (adr->mailbox) + strlen (s) + 2),
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1064:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*end == '(') && (s = rfc822_skip_comment (&end,LONGT)) && strlen (s))
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1090:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ret = (char *) fs_get (len + 1),string,len);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1112:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (v = (char *) fs_get (strlen (ret) + strlen (s) + 2),
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1112:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (v = (char *) fs_get (strlen (ret) + strlen (s) + 2),
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1162:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return str + strlen (str);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1180:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!st || !*st) return str + strlen (str);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1392:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return rfc822_output_data (buf,string,strlen (string));
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1455:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
long i = env->remail ? strlen (env->remail) : 0;
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1514:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
long pretty = strlen (type);
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:1615:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(src[strlen (src) - 1] == '.')))) {
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:2227:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.end = (buf.beg = buf.cur = *header + strlen (*header)) + SENDBUFLEN - 1;
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:2245:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.end = (buf.beg = buf.cur = *header + strlen (*header)) + SENDBUFLEN - 1;
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:2264:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.end = (buf.beg = buf.cur = dest + strlen (dest)) + SENDBUFLEN - 1;
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:2282:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.end = (buf.beg = buf.cur = dest + strlen (dest)) + SENDBUFLEN - 1;
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:2299:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.end = (buf.beg = buf.cur = dest + strlen (dest)) + SENDBUFLEN - 1;
data/uw-imap-2007f~dfsg/src/c-client/rfc822.c:2316:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.end = (buf.beg = buf.cur = *dst + strlen (*dst)) + SENDBUFLEN - 1;
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:154:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else do if (strlen (*hostlist) < SMTPMAXDOMAIN) {
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:244:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mb.host,
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:352:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stream->reply + 4),len))) {
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:457:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!((strlen (env->return_path->mailbox) > SMTPMAXLOCALPART) ||
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:458:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (env->return_path->host) > SMTPMAXDOMAIN))) {
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:460:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),"@%s",env->return_path->host);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:465:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (env->return_path->adl) > SMTPMAXPATH)) ||
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:466:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (env->return_path->mailbox) > SMTPMAXLOCALPART) ||
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:467:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (env->return_path->host) > SMTPMAXDOMAIN)))
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:470:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,">");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:477:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp)," ENVID=%.100s",ESMTP.dsn.envid);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:548:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (adr->mailbox) > MAXLOCALPART) {
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:552:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen (adr->host) > SMTPMAXDOMAIN)) {
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:557:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (adr->adl && (strlen (adr->adl) > SMTPMAXPATH)) {
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:567:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),"@%s>",adr->host);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:570:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,">");
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:576:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = tmp + strlen (tmp);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:581:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*s) s[strlen (s) - 1] = '\0';
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:587:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp)," ORCPT=%.500s",orcpt);
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:617:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1 : 0)
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:617:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *) fs_get (strlen (command) + (args ? strlen (args) + 1 : 0)
data/uw-imap-2007f~dfsg/src/c-client/smtp.c:765:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stream->reply = (char *) fs_get (20+strlen (text));
data/uw-imap-2007f~dfsg/src/c-client/utf8.c:381:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (*script && (strlen (script) < 128))
data/uw-imap-2007f~dfsg/src/c-client/utf8.c:398:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (*charset && (strlen (charset) < 128))
data/uw-imap-2007f~dfsg/src/c-client/utf8.c:421:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0, j = sizeof (BADCSS) + sizeof (BADCSE) + strlen (charset) - 2;
data/uw-imap-2007f~dfsg/src/c-client/utf8.c:423:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen (utf8_csvalid[i].name) + 1;
data/uw-imap-2007f~dfsg/src/c-client/utf8aux.c:420:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = cpytxt (&utf7,src,strlen (src)); *s; ++s) switch (*s) {
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:187:17: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getchar ()) != EOF) putc (c,f);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:199:15: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getchar ()) != EOF) {
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:443:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),"file type %07o",(unsigned int) type);
data/uw-imap-2007f~dfsg/src/dmail/dmail.c:566:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (ucase (strncpy (tmp,string,11)),"[TRYCREATE]")) trycreate = T;
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:415:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (tag) > 50) PSOUT ("* BAD Excessively long tag\015\012");
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:438:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((arg = strtok (NIL,"\015\012")) && ((i = strlen (arg)) > 3) &&
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:525:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *msg = (char *) fs_get (strlen (cmd) + strlen (s) + 2);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:525:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *msg = (char *) fs_get (strlen (cmd) + strlen (s) + 2);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:619:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (v) <
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:620:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((size_t) (MAILTMPLEN - ((u += strlen (u)) + 2 - tmp)))) {
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:964:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp,t,i)[i] = '\0';
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1148:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp)," MESSAGES %lu",stream->nmsgs);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1150:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp)," RECENT %lu",stream->recent);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1154:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp)," UNSEEN %lu",unseen);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1157:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp)," UIDNEXT %lu",stream->uid_last+1);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1159:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen(tmp)," UIDVALIDITY %lu",
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1399:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((i = strlen (tmp)) > 3) && (tmp[i - 1] == '}') &&
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:1632:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (alf)) != EOF) {
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2088:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((i = strlen (t)) > 3) && (t[i - 1] == '}') &&
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2293:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(tail = strpbrk ((s = *arg)," )"))) tail = *arg + strlen (*arg);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2648:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (list && (i = strlen (s)) && (s[i-1] == ')')) {
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2896:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = (char *) fs_get (100 + strlen (ta->section));
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2925:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = (char *) fs_get (100+(ta->section ? strlen (ta->section) : 0));
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:2956:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = (char *) fs_get (100+(ta->section ? strlen (ta->section) : 0));
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3026:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (st.size) sprintf (tmp + strlen (tmp),"{%lu}\015\012",st.size);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3055:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned long len = 100 + (ta->section ? strlen (ta->section) : 0);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3072:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (tmp,"]"); /* close section specifier */
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3095:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = (char *) fs_get (100+(ta->section ? strlen (ta->section) : 0));
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3576:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
st.size = strlen (s);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3730:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ta->first || ta->last) sprintf (id + strlen (id),"<%lu>",ta->first);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3890:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = litstk[litsp++] = (char *) fs_get (strlen (name) + 9);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3923:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (ref) > NETMAXMBX) {
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3928:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pat) > NETMAXMBX) {
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3935:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pattern += strlen (pattern);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3942:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((*pat == '.') && (pattern[strlen (pattern) - 1] == '.'))
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:3966:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen ((char *) (t = initial));
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4082:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (t) < ((size_t) (MAILTMPLEN-((s += strlen (s))+2-tmp))))) {
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4082:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (t) < ((size_t) (MAILTMPLEN-((s += strlen (s))+2-tmp))))) {
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4153:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((j = strlen (ad->arg)) > 3) && (ad->arg[j - 1] == '}') &&
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4318:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp)," MESSAGES %lu",status->messages);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4320:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp)," RECENT %lu",status->recent);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4322:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp)," UNSEEN %lu",status->unseen);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4324:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp)," UIDNEXT %lu",status->uidnext);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4326:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen(tmp)," UIDVALIDITY %lu",status->uidvalidity);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4429:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s - string) : strlen (string);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4447:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s - string) : strlen (string);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4528:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (username,*mb->user ? mb->user : (char *) user,NETMAXUSER);
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4529:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (password,pass,256); /* and password */
data/uw-imap-2007f~dfsg/src/imapd/imapd.c:4598:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s - string) : strlen (string);
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:289:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (p) >= TMPLEN)) { /* get user name and password */
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:348:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp,stream->mailbox,i = (++s - stream->mailbox));
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:401:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen (status); /* update size to reflect status */
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:652:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (username,*mb->user ? mb->user : user,NETMAXUSER-1);
data/uw-imap-2007f~dfsg/src/ipopd/ipop2d.c:653:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (password,pass,255); /* and password */
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:508:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s); /* point to end of string */
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:523:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen (s); /* point to end of string */
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:711:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (char *) rfc822_base64 (t,strlen ((char *) t),rlen ? rlen : &i);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:1019:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (username,*mb->user ? mb->user : user,NETMAXUSER-1);
data/uw-imap-2007f~dfsg/src/ipopd/ipop3d.c:1021:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (password,pass,255);/* and password */
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:320:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len - (curlen = (t += strlen (t)) - s)) < 20) {
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:329:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen (s); /* end of buffer */
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:602:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (ndst = (char *) fs_get (strlen (dst) + strlen (suffix) + 1),
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:602:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (ndst = (char *) fs_get (strlen (dst) + strlen (suffix) + 1),
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:618:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (source->user_flags[i]) len += strlen (source->user_flags[i]) + 1;
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:622:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *flags = (char *) fs_get (1 + len + strlen (tail) + 1);
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:637:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
INIT (&st,mail_string,dummymsg,strlen (dummymsg));
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:715:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(MAILTMPLEN - ((t += strlen (t)) - tmp)) > (long) (2 + strlen (t1))){
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:715:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(MAILTMPLEN - ((t += strlen (t)) - tmp)) > (long) (2 + strlen (t1))){
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:887:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",
data/uw-imap-2007f~dfsg/src/mailutil/mailutil.c:889:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*mb->authuser) sprintf (tmp+strlen (tmp),"/authuser=%s",mb->authuser);
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:85:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (++file);
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:91:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dir,argv[2],dlen); /* connect to desired directory */
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:124:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (hitch); /* append local host name */
data/uw-imap-2007f~dfsg/src/mlock/mlock.c:169:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (0,tmp,1); /* read continue signal from parent */
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:208:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur->text.size = strlen((char *) (cur->text.data = (unsigned char*)cpystr (parms)));
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:213:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur->text.size = strlen((char *) (cur->text.data = (unsigned char*)cpystr ("*")));
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:320:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:323:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:326:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:329:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:332:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:335:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:338:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur->text.size = strlen ((char *) (cur->text.data = (unsigned char *)
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:414:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (tmp+18,t,(size_t) min (20,(long) strlen (t)));
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:416:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp," ");
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:418:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,"{");
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:421:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (i) strcat (tmp," ");
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:425:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),"%.25s (%lu chars)",
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:454:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp," ");
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:456:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,"{");
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:459:14: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (i) strcat (tmp," ");
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:463:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mail_fetchsubject (t = tmp + strlen (tmp),stream,msgno,(long) 25);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:464:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (t += strlen (t)," (%lu chars)",cache->rfc822_size);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:490:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (body->subtype) sprintf (s += strlen (s),"/%s",body->subtype);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:491:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (body->description) sprintf (s += strlen (s)," (%s)",body->description);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:493:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),";%s=%s",par->attribute,par->value);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:495:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (body->id) sprintf (s += strlen (s),", id = %s",body->id);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:499:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s)," (%lu lines)",body->size.lines);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:502:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s)," (%lu bytes)",body->size.bytes);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:736:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curhst = (char *) fs_get (1+strlen (mb->host));
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:739:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",strcpy (user,mb->user));
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:740:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*mb->authuser) sprintf (tmp+strlen (tmp),"/authuser=%s",mb->authuser);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:821:12: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else strcat (text,".");
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:827:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
body->contents.text.size = strlen (text);
data/uw-imap-2007f~dfsg/src/mtest/mtest.c:829:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->date = (char *) fs_get (1+strlen (line));
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:172:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file,test,i = s - test);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:220:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int showuppers = pat[strlen (pat) - 1] == '%';
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:294:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dir || dir[(len = strlen (dir)) - 1] == '/') while (d = readdir (dp))
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:299:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((len + strlen (d->d_name)) <= NETMAXMBX)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:305:20: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
pmatch_full (strcat (path,"/"),pat,'/') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:307:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mailboxdir (path,dir,"x") && (len = strlen (path)) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:383:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,buf+ssiz,bsiz = min (fsiz,BUFSIZE));
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:438:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(!(attributes & LATT_NOSELECT) && (csiz = strlen (contents)) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:483:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int mask = umask (0);
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:491:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore mask */
data/uw-imap-2007f~dfsg/src/osdep/amiga/dummy.c:508:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore mask */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:331:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date += strlen (date); /* make next sprintf append */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:390:20: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
switch (mask = umask (022)){/* check old umask */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:395:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* so change it back */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:485:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset (s,0,strlen (s)); /* erase sensitive information */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:514:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (user) >= NETMAXUSER) ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:515:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(authuser && (strlen (authuser) >= NETMAXUSER))) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:666:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((s = (char *) getlogin ()) && *s && (strlen (s) < NETMAXUSER) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:674:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((s = getenv ("HOME")) && *s && (strlen (s) < NETMAXMBX) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:756:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dir) > NETMAXMBX) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:761:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) > NETMAXMBX) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:782:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!name || !*name || (*name == '{') || (strlen (name) > NETMAXMBX) ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:873:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (file) > 512) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:906:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask (0);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:914:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask) /* restore old umask */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:917:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask) /* restore old umask */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:958:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (pi[0],tmp,1) == 1) && (tmp[0] == '+')) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1057:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int mask = umask (0);
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1074:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore old mask */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1084:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore old mask */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1097:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (fd,tmp,i) == i) && !(tmp[i] = 0) && ((i = atol (tmp)) > 0))
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1100:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore old mask */
data/uw-imap-2007f~dfsg/src/osdep/amiga/env_ami.c:1111:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore old mask */
data/uw-imap-2007f~dfsg/src/osdep/amiga/fdstring.c:67:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (d->fd,s->chunk,(size_t) s->cursize);
data/uw-imap-2007f~dfsg/src/osdep/amiga/fdstring.c:97:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read ((long) s->data,s->curpos,(size_t) s->cursize);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:219:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd,hdr,HDRSIZE) == HDRSIZE)
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:237:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (fd,hdr,HDRSIZE) != HDRSIZE)) ret = -1;
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:250:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (s) <= MAXUSERFLAG)
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:259:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((j = read (fd,hdr,64)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:408:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"%s\015\012",t);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:709:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,*length);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:941:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:947:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:957:14: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (r == 1) strcpy (tmp,"1");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1038:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1044:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret = (write (fd,LOCAL->buf,strlen (LOCAL->buf)) > 0)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1046:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1269:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,HDRSIZE);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1284:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!stream->user_flags[i] && (strlen (s) <= MAXUSERFLAG))
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1303:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1509:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1552:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1593:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1652:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->fd,s,i) == i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mbx.c:1757:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:207:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((name[0] != '#') && (s = mh_path (tmp)) && (i = strlen (s)) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:251:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,(t = (char *) fs_get (sbuf.st_size + 1)),sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:364:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file,test+4,i = s - (test+4));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:429:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = curdir + strlen (curdir);/* end of directory name */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:430:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
np = name + strlen (name); /* end of MH name */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:489:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
dummy_create_path (stream,strcat (tmp,"/"),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:515:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (mh_file (tmp,mailbox));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:856:28: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
dummy_create_path (stream,strcat (mh_file (tmp,MHINBOX),"/"),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1073:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (flags,")"); /* close list */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1112:31: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
dummy_create_path (stream,strcat (tmp,"/"),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1157:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),"/%ld",++last);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mh.c:1257:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((*pat == '/') && (pattern[strlen (pattern) - 1] == '/'))
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:241:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(errno = ((strlen (name) > NETMAXMBX) ? ENAMETOOLONG : NIL)) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:321:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen (name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:327:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:431:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = file + strlen (file) - (sizeof (MIXMETA) - 1);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:547:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (dummy_create_path (stream,strcat (tmp1,"/"),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:553:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t srcl = strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:554:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dstl = strlen (tmp1);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:558:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (names[i]->d_name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:736:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (LOCAL->msgfd,LOCAL->buf,j) == j) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:963:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (flags,")");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1394:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdrsize = strlen (local->buf);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1434:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (strcat (tmp," "),t);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1442:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,")");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1551:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdrsize = strlen (local->buf);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:1781:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*k && (strlen (k) <= MAXUSERFLAG)) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2155:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->mfd,s = LOCAL->buf,sbuf.st_size) != sbuf.st_size))
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2191:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf + strlen (LOCAL->buf),MTAFMT,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2193:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0, c = 'K', s = ss = LOCAL->buf + strlen (LOCAL->buf);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2238:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size *= strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2242:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2319:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size *= strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2322:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2497:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if ((getc (srtcf) != 'F') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2501:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2502:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2509:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if ((getc (srtcf) != 'T') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2513:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2514:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2521:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if ((getc (srtcf) != 'C') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2525:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2526:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2533:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if ((getc (srtcf) != 'S') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2538:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2539:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2548:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if ((getc (srtcf) != 'M') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2553:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2554:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2568:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((getc (srtcf) != 'R') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2572:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2573:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2673:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->from ? strlen (s->from) + 1 : 0,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2674:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->to ? strlen (s->to) + 1 : 0,s->cc ? strlen (s->cc) + 1 : 0,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2674:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->to ? strlen (s->to) + 1 : 0,s->cc ? strlen (s->cc) + 1 : 0,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2675:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->refwd ? 'R' : ' ',s->subject ? strlen (s->subject) + 1: 0,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mix.c:2676:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->message_id ? strlen (s->message_id) + 1 : 0,j);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:399:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd,tmp,MAILTMPLEN-1) >= 0) ret = ISMMDF (tmp) ? T : NIL;
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:487:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rfc822_date (s = tmp + strlen (tmp));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:488:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s), /* write the pseudo-header */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:493:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s)," %s",default_user_flag (i));
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:494:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:495:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd,tmp,strlen (tmp)) > 0) ret = T;
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:656:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write (fd,tmp,(i = strlen (tmp))+1);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:740:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:743:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:746:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:749:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:752:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:755:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:769:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:779:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:846:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1091:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1379:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (sf)) != '\n') switch (c) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1391:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < (j = strlen (tmp))) fatal ("mmdf_append_msgs overrun");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1736:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:1797:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (stream->user_flags[j],s,k);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2136:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i)
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2138:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2139:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2140:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen (hdr);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mmdf.c:2302:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:185:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\015')) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:515:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:686:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:692:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:702:14: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (r == 1) strcpy (tmp,"1");
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:801:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:918:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1123:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1265:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mtx.c:1344:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->fd,s = tmp,
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:179:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (name) <= NETMAXMBX) && *mx_file (tmp,name) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:274:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen (name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:280:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:350:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int mask = umask (0);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:371:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore mask */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:454:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (dummy_create_path (stream,strcat (tmp1,"/"),
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:459:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t srcl = strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:460:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dstl = strlen (tmp1);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:494:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (name);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:636:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,LOCAL->buf,elt->rfc822_size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:951:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (strcat (tmp," "),t);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:959:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,")"); /* close list */
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1177:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = idx = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1193:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (t) <= MAXUSERFLAG)) stream->user_flags[k] = cpystr (t);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1249:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"K%s\n",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1253:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((s += strlen (s)) - tmp) > MXIXBUFLEN) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/mx.c:1265:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s += strlen (s)) != tmp) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:161:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,t = s = (char *) fs_get (sbuf.st_size+1),sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:228:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,s = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:232:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (pattern); /* length of pattern */
data/uw-imap-2007f~dfsg/src/osdep/amiga/news.c:278:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((*pat == '.') && (pattern[strlen (pattern) - 1] == '.'))
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:317:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,buf->data = (unsigned char *) fs_get (buf->size + 1),buf->size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/phile.c:457:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*length = strlen (LOCAL->tmp);
data/uw-imap-2007f~dfsg/src/osdep/amiga/ssl_none.c:56:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return getchar ();
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:127:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[(strlen (host))-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:129:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostname[(strlen (hostname))-1] = '\0';
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:264:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:406:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((i = read (stream->tcpsi,s,(int) min (maxposint,size))) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:454:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((i = read (stream->tcpsi,stream->ibuf,BUFLEN)) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:476:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tcp_ami.c:725:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == '[' && name[strlen (name) - 1] == ']') return name;
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:192:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\012')) &&
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:516:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.full.text.size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:567:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length = i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:572:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:614:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,i);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:629:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:775:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:781:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:791:14: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (r == 1) strcpy (tmp,"1");
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:890:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1008:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1235:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1377:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/tenex.c:1456:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,i = min (msiz-siz,(long) MAILTMPLEN));
data/uw-imap-2007f~dfsg/src/osdep/amiga/tz_bsd.c:37:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s + strlen (s)," (%.50s)",((struct tm *) t)->tm_zone);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:250:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd,tmp,MAILTMPLEN-1) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:347:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rfc822_fixed_date (s = tmp + strlen (tmp));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:349:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:354:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s)," %s",default_user_flag (i));
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:355:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:356:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd,tmp,strlen (tmp)) > 0) ret = T;
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:517:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write (fd,tmp,(i = strlen (tmp))+1);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:601:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:604:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:607:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:610:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:613:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:616:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:630:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:640:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1),
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:707:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:956:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1242:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (sf)) != '\n') switch (c) {
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1254:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < (j = strlen (tmp))) fatal ("unix_append_msgs overrun");
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1572:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1633:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (stream->user_flags[j],s,k);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1973:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i)
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1975:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1976:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:1977:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen (hdr); /* return header length */
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2139:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.c:2611:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (sfd,s = (char *) fs_get (size + 1),size);
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:96:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(realtime,"\n"); \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:97:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&x[start],realtime,strlen(realtime)); \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:97:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(&x[start],realtime,strlen(realtime)); \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:126:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(realtime,"\n"); \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:127:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&x[start],realtime,strlen(realtime)); \
data/uw-imap-2007f~dfsg/src/osdep/amiga/unix.h:127:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(&x[start],realtime,strlen(realtime)); \
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:176:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd,tmp,MAILTMPLEN-1) >= 0)
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:410:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,(size_t) *length);
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:539:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,tmp,(unsigned int) k);
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:770:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db = datemsg + strlen (strcpy (datemsg,"Unparsable date: "));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:776:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,tmp,j = (int) min (i,(long) MAILTMPLEN));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:833:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen (s); /* length of unread data in buffer */
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:838:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = tmp,j = (int) min (i,(long) MAILTMPLEN));
data/uw-imap-2007f~dfsg/src/osdep/dos/bezrkdos.c:882:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->fd,s = tmp,
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:170:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file,test,(size_t) (i = s - test));
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:209:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int showuppers = pat[strlen (pat) - 1] == '%';
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:266:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*." : "\\*.");
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:274:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tmpx[strlen (tmpx) - 1] == '\\') do if (*f.name != '.') {
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:277:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dir) sprintf (tmpx + strlen (tmpx),"%s%s",dir,f.name);
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:290:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,"\\"); /* set up for dmatch call */
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:293:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (pmatch_full (strcat (tmp,"\\"),pat,'\\'))
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:329:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((attributes & LATT_NOSELECT) || !(csiz = strlen (contents)) ||
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:336:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,buf+ssiz,bsiz = min (sbuf.st_size,BUFSIZE));
data/uw-imap-2007f~dfsg/src/osdep/dos/dummydos.c:384:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp,path,(size_t) (s - path));
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:135:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date += strlen (date); /* make next sprintf append */
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:142:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (date + strlen (date)," (%.50s)",
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:177:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (myHomeDir = cpystr ((s = getenv ("HOME")) ? s : ""));
data/uw-imap-2007f~dfsg/src/osdep/dos/env_dos.c:202:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ext) sprintf (dst + strlen (dst),".%s",ext);
data/uw-imap-2007f~dfsg/src/osdep/dos/fdstring.c:67:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (d->fd,s->chunk,(size_t) s->cursize);
data/uw-imap-2007f~dfsg/src/osdep/dos/fdstring.c:97:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read ((long) s->data,s->curpos,(size_t) s->cursize);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:172:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\015')) &&
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:361:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,(size_t) *length);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:482:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,tmp,(size_t) m);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:560:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,tmp,(size_t) j);
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:731:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,lbuf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/dos/mtxdos.c:849:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->fd,s = tmp,
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dbw.c:49:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read soread
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dnv.c:50:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read soread
data/uw-imap-2007f~dfsg/src/osdep/dos/os_dpc.c:76:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,"]");
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:84:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[(strlen (host))-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:86:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen (tmp)-1] = '\0';
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:288:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((i = read (stream->tcps,stream->ibuf,BUFLEN)) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dos.c:305:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_dwa.c:68:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[strlen (host)-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:133:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[(strlen (host))-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:135:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen (tmp)-1] = '\0';
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:376:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else while (((i = read (stream->tcpsi,s,(int) min (maxposint,size))) <
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:431:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else while (((i = read (stream->tcpsi,stream->ibuf,BUFLEN)) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:457:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/dos/tcp_wsk.c:728:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == '[' && name[strlen (name) - 1] == ']') return name;
data/uw-imap-2007f~dfsg/src/osdep/mac/env_mac.c:100:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (date += strlen (date),"%+03ld%02ld",tz/60,tzm >= 0 ? tzm : -tzm);
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:112:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[strlen (host)-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:228:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stream->host[strlen (stream->host) - 1] = '\0';
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:407:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/mac/tcp_mac.c:532:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == '[' && name[i = (strlen (name))-1] == ']') return name;
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:167:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file,test,(size_t) (i = s - test));
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:207:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int showuppers = pat[strlen (pat) - 1] == '%';
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:261:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*.*" : "\\*.*");
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:268:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dir || dir[(len = strlen (dir)) - 1] == '\\') do
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:271:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((len + strlen (f.name)) <= NETMAXMBX)) {
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:277:20: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
pmatch_full (strcat (tmp,"\\"),pat,'\\') ||
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:288:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,"\\");/* set up for dmatch call */
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:291:28: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (pmatch_full (strcat (tmp,"\\"),pat,'\\') &&
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:330:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*.*" : "\\*.*") &&
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:341:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((attributes & LATT_NOSELECT) || !(csiz = strlen (contents)) ||
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:349:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,buf+ssiz,bsiz = min (sbuf.st_size,BUFSIZE));
data/uw-imap-2007f~dfsg/src/osdep/nt/dummynt.c:400:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp,path,(size_t) (s - path));
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:162:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date += strlen (date); /* make next sprintf append */
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:174:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (date + strlen (date)," (%.50s)",tz);
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:347:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (user) >= MAILTMPLEN) ||
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:348:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(authuser && (strlen (authuser) >= MAILTMPLEN)))
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:375:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset (s,0,strlen (s));/* erase sensitive information */
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:463:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MultiByteToWideChar (CP_ACP,0,user,strlen (user) + 1,
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:469:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*(s = tmp + strlen (tmp) - 1) == '\\') || (*s == '/')) *s = '\0';
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:473:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp,s,t-s); /* copy up to user name */
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:519:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*(p = path + strlen (path) -1) == '\\') || (*p == '/')) *p = '\0';
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:591:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dir) > NETMAXMBX) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/nt/env_nt.c:596:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) > NETMAXMBX) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/nt/fdstring.c:67:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (d->fd,s->chunk,(size_t) s->cursize);
data/uw-imap-2007f~dfsg/src/osdep/nt/fdstring.c:97:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read ((long) s->data,s->curpos,(size_t) s->cursize);
data/uw-imap-2007f~dfsg/src/osdep/nt/ip4_nt.c:164:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (name) < MAILTMPLEN) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:135:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text && (strlen (text) < MAILTMPLEN) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/ip6_nt.c:252:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (name) < MAILTMPLEN) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/kerb_w2k.c:416:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
status_string->length = strlen (status_string->value = cpystr (s));
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:212:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (((((j = read (fd,hdr,HDRSIZE)) == HDRSIZE) && (hdr[0] == '*')) ||
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:215:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (fd,hdr+1,HDRSIZE-1) == (HDRSIZE-1)) && (hdr[0] = '*'))) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:231:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (fd,hdr+1,HDRSIZE-1) != (HDRSIZE-1))) ret = -1;
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:244:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (s) <= MAXUSERFLAG)
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:253:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((j = read (fd,hdr,64)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:396:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"%s\015\012",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:657:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,*length);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:913:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:919:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret = (write (fd,LOCAL->buf,strlen (LOCAL->buf)) > 0)) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:921:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1135:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,HDRSIZE);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1150:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!stream->user_flags[i] && (strlen (s) <= MAXUSERFLAG))
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1159:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1365:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1406:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1446:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1505:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->fd,s,i) == i);
data/uw-imap-2007f~dfsg/src/osdep/nt/mbxnt.c:1600:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:185:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\015')) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:486:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:675:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:789:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:981:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:1123:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/mtxnt.c:1205:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->fd,s = tmp,
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_none.c:56:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return getchar ();
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_nt.c:600:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ssl_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_old.c:506:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ssl_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/nt/ssl_w2k.c:562:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ssl_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:144:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[(strlen (host))-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:146:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen (tmp)-1] = '\0';
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:407:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((i = read (stream->tcpsi,s,(int) min (maxposint,size))) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:476:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((i = read (stream->tcpsi,stream->ibuf,BUFLEN)) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:532:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/nt/tcp_nt.c:851:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == '[' && name[strlen (name) - 1] == ']') return name;
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:193:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\012')) &&
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:486:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.full.text.size);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:519:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length = i);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:524:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:566:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,i) != (long) i) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:581:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:745:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:860:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1072:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1215:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/tenexnt.c:1297:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,i = min (msiz-siz,(long) MAILTMPLEN));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:209:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd,tmp,MAILTMPLEN-1) <= 0) errno = -1;
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:316:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rfc822_fixed_date (s = tmp + strlen (tmp));
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:317:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s), /* write the pseudo-header */
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:321:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd,tmp,strlen (tmp)) > 0) {
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:545:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:548:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:551:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:554:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:557:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:560:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:574:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:579:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1),
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:641:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:876:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1179:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (sf)) != '\n') switch (c) {
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1191:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < (j = strlen (tmp))) fatal ("unix_append_msgs overrun");
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1523:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1584:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (stream->user_flags[j],s,k);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1909:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (t = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i)
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1911:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (t += strlen (t)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1912:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (t += strlen (t),"\r\nStatus: RO\r\n\r\n");
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:1913:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = pseudo_msg,t += strlen (t); *s; *t++ = *s++)
data/uw-imap-2007f~dfsg/src/osdep/nt/unixnt.c:2057:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:173:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file,test,(size_t) (i = s - test));
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:213:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int showuppers = pat[strlen (pat) - 1] == '%';
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:267:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat (tmp,(tmp[strlen (tmp) -1] == '\\') ? "*.*" : "\\*.*");
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:274:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dir || dir[strlen (dir) -1] == '\\') do {
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:277:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (f.name) <= NETMAXMBX)) {
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:283:20: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
pmatch_full (strcat (tmp,"\\"),pat,'\\') ||
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:294:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,"\\");/* set up for dmatch call */
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:297:28: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (pmatch_full (strcat (tmp,"\\"),pat,'\\') &&
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:335:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((attributes & LATT_NOSELECT) || !(csiz = strlen (contents)) ||
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:343:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,buf+ssiz,bsiz = min (sbuf.st_size,BUFSIZE));
data/uw-imap-2007f~dfsg/src/osdep/os2/dummyos2.c:394:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp,path,(size_t) (s - path));
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:110:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date += strlen (date); /* make next sprintf append */
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:122:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (date + strlen (date)," (%.50s)",tz);
data/uw-imap-2007f~dfsg/src/osdep/os2/env_os2.c:195:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ext) sprintf (dst + strlen (dst),".%s",ext);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:212:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (((((j = read (fd,hdr,HDRSIZE)) == HDRSIZE) && (hdr[0] == '*')) ||
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:215:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (fd,hdr+1,HDRSIZE-1) == (HDRSIZE-1)) && (hdr[0] = '*'))) &&
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:231:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (fd,hdr+1,HDRSIZE-1) != (HDRSIZE-1))) ret = -1;
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:244:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (s) <= MAXUSERFLAG)
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:253:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((j = read (fd,hdr,64)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:396:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"%s\015\012",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:657:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,*length);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:913:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:919:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret = (write (fd,LOCAL->buf,strlen (LOCAL->buf)) > 0)) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:921:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1135:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,HDRSIZE);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1150:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!stream->user_flags[i] && (strlen (s) <= MAXUSERFLAG))
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1159:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1365:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1406:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1446:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1505:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->fd,s,i) == i);
data/uw-imap-2007f~dfsg/src/osdep/os2/mbxnt.c:1600:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:185:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\015')) &&
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:486:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:675:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:789:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:981:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:1123:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/mtxnt.c:1205:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->fd,s = tmp,
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:84:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[(strlen (host))-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:86:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen (tmp)-1] = '\0';
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:288:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((i = read (stream->tcps,stream->ibuf,BUFLEN)) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/os2/tcp_os2.c:305:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:193:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\012')) &&
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:486:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.full.text.size);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:519:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length = i);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:524:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:566:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,i) != (long) i) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:581:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:745:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:860:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1072:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1215:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/tenexnt.c:1297:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,i = min (msiz-siz,(long) MAILTMPLEN));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:209:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd,tmp,MAILTMPLEN-1) <= 0) errno = -1;
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:316:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rfc822_fixed_date (s = tmp + strlen (tmp));
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:317:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s), /* write the pseudo-header */
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:321:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd,tmp,strlen (tmp)) > 0) {
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:545:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:548:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:551:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:554:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:557:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:560:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:574:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:579:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1),
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:641:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:876:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1179:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (sf)) != '\n') switch (c) {
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1191:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < (j = strlen (tmp))) fatal ("unix_append_msgs overrun");
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1523:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1584:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (stream->user_flags[j],s,k);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1909:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (t = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i)
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1911:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (t += strlen (t)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1912:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (t += strlen (t),"\r\nStatus: RO\r\n\r\n");
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:1913:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = pseudo_msg,t += strlen (t); *s; *t++ = *s++)
data/uw-imap-2007f~dfsg/src/osdep/os2/unixnt.c:2057:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:67:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[strlen (host)-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/tops-20/tcp_t20.c:337:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == '[' && name[strlen (name) - 1] == ']') return name;
data/uw-imap-2007f~dfsg/src/osdep/unix/ckp_os4.c:69:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (host,host+1,i = strlen (host + 2));
data/uw-imap-2007f~dfsg/src/osdep/unix/crx_nfs.c:46:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int mask = umask (0);
data/uw-imap-2007f~dfsg/src/osdep/unix/crx_nfs.c:49:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (hitch); /* append local host name */
data/uw-imap-2007f~dfsg/src/osdep/unix/crx_nfs.c:77:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore previous mask */
data/uw-imap-2007f~dfsg/src/osdep/unix/crx_std.c:37:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int mask = umask (0);
data/uw-imap-2007f~dfsg/src/osdep/unix/crx_std.c:43:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore previous mask */
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:172:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file,test,i = s - test);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:220:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int showuppers = pat[strlen (pat) - 1] == '%';
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:294:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dir || dir[(len = strlen (dir)) - 1] == '/') while (d = readdir (dp))
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:299:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((len + strlen (d->d_name)) <= NETMAXMBX)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:305:20: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
pmatch_full (strcat (path,"/"),pat,'/') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:307:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mailboxdir (path,dir,"x") && (len = strlen (path)) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:383:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,buf+ssiz,bsiz = min (fsiz,BUFSIZE));
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:438:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(!(attributes & LATT_NOSELECT) && (csiz = strlen (contents)) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:483:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int mask = umask (0);
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:491:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore mask */
data/uw-imap-2007f~dfsg/src/osdep/unix/dummy.c:508:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore mask */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:518:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date += strlen (date); /* make next sprintf append */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:577:20: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
switch (mask = umask (022)){/* check old umask */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:582:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* so change it back */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:672:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset (s,0,strlen (s)); /* erase sensitive information */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:701:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (user) >= NETMAXUSER) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:702:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(authuser && (strlen (authuser) >= NETMAXUSER))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:837:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sysInbox = (char *) fs_get (strlen (home) + 7);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:905:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((s = (char *) getlogin ()) && *s && (strlen (s) < NETMAXUSER) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:913:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((s = getenv ("HOME")) && *s && (strlen (s) < NETMAXMBX) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1005:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dir) > NETMAXMBX) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1010:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) > NETMAXMBX) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1031:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!name || !*name || (*name == '{') || (strlen (name) > NETMAXMBX) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1144:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (file) > 512) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1178:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask (0); /* want our lock protection */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1186:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore old umask */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1189:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore old umask */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1235:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (pi[0],tmp,1) == 1) && (tmp[0] == '+')) {
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1337:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int mask = umask (0);
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1354:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore old mask */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1369:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore old mask */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1382:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (fd,tmp,i) == i) && !(tmp[i] = 0) && ((i = atol (tmp)) > 0))
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1385:7: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore old mask */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1395:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore old mask */
data/uw-imap-2007f~dfsg/src/osdep/unix/env_unix.c:1569:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; k && i < NUSERFLAGS; ++i) if (strlen (k) <= MAXUSERFLAG) {
data/uw-imap-2007f~dfsg/src/osdep/unix/fdstring.c:67:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (d->fd,s->chunk,(size_t) s->cursize);
data/uw-imap-2007f~dfsg/src/osdep/unix/fdstring.c:97:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read ((long) s->data,s->curpos,(size_t) s->cursize);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:394:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fprintf (po,"+%lu %s%lu %s%lu ",strlen (s),s,strlen (t),t,i) < 0)
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:394:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fprintf (po,"+%lu %s%lu %s%lu ",strlen (s),s,strlen (t),t,i) < 0)
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:770:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (c = getc (slavein)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:829:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (t = s; n && ((c = getc (slavein)) != EOF); *t++ = c,--n);
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:861:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (c = getc (slavein)) { /* what did master say? */
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:863:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (n = 0; isdigit (c = getc (slavein)); n *= 10, n += (c - '0'));
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:871:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (n = 0; isdigit (c = getc (slavein)); n *= 10, n += (c - '0'));
data/uw-imap-2007f~dfsg/src/osdep/unix/flocksim.c:879:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (n = 0; isdigit (c = getc (slavein)); n *= 10, n += (c - '0'));
data/uw-imap-2007f~dfsg/src/osdep/unix/ip4_unix.c:164:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (name) < MAILTMPLEN) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:135:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text && (strlen (text) < MAILTMPLEN) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/ip6_unix.c:252:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (name) < MAILTMPLEN) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/ipo_unix.c:165:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (name) < MAILTMPLEN) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/log_os4.c:47:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (host,host+1,i = strlen (host + 2));
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:219:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd,hdr,HDRSIZE) == HDRSIZE)
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:237:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (fd,hdr,HDRSIZE) != HDRSIZE)) ret = -1;
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:250:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (s) <= MAXUSERFLAG)
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:259:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((j = read (fd,hdr,64)) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:408:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"%s\015\012",t);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:709:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,*length);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:941:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:947:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:957:14: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (r == 1) strcpy (tmp,"1");
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1038:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf+strlen(LOCAL->buf),",%lu;%08lx%04x-%08lx\015\012",
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1044:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret = (write (fd,LOCAL->buf,strlen (LOCAL->buf)) > 0)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1046:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1269:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,HDRSIZE);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1284:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!stream->user_flags[i] && (strlen (s) <= MAXUSERFLAG))
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1303:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1509:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1552:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"%s\015\012",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1593:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,14) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1652:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->fd,s,i) == i);
data/uw-imap-2007f~dfsg/src/osdep/unix/mbx.c:1757:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:207:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((name[0] != '#') && (s = mh_path (tmp)) && (i = strlen (s)) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:251:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,(t = (char *) fs_get (sbuf.st_size + 1)),sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:364:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file,test+4,i = s - (test+4));
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:429:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = curdir + strlen (curdir);/* end of directory name */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:430:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
np = name + strlen (name); /* end of MH name */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:489:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
dummy_create_path (stream,strcat (tmp,"/"),
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:515:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (mh_file (tmp,mailbox));
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:856:28: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
dummy_create_path (stream,strcat (mh_file (tmp,MHINBOX),"/"),
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1073:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (flags,")"); /* close list */
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1112:31: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
dummy_create_path (stream,strcat (tmp,"/"),
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1157:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),"/%ld",++last);
data/uw-imap-2007f~dfsg/src/osdep/unix/mh.c:1257:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((*pat == '/') && (pattern[strlen (pattern) - 1] == '/'))
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:241:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(errno = ((strlen (name) > NETMAXMBX) ? ENAMETOOLONG : NIL)) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:321:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen (name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:327:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2),
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:431:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = file + strlen (file) - (sizeof (MIXMETA) - 1);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:547:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (dummy_create_path (stream,strcat (tmp1,"/"),
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:553:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t srcl = strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:554:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dstl = strlen (tmp1);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:558:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (names[i]->d_name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:736:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (LOCAL->msgfd,LOCAL->buf,j) == j) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:963:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (flags,")");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1394:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdrsize = strlen (local->buf);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1434:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (strcat (tmp," "),t);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1442:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,")");
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1551:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdrsize = strlen (local->buf);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:1781:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*k && (strlen (k) <= MAXUSERFLAG)) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2155:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->mfd,s = LOCAL->buf,sbuf.st_size) != sbuf.st_size))
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2191:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf + strlen (LOCAL->buf),MTAFMT,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2193:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0, c = 'K', s = ss = LOCAL->buf + strlen (LOCAL->buf);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2238:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size *= strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2242:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2319:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size *= strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2322:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2497:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if ((getc (srtcf) != 'F') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2501:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2502:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2509:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if ((getc (srtcf) != 'T') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2513:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2514:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2521:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if ((getc (srtcf) != 'C') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2525:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2526:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2533:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if ((getc (srtcf) != 'S') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2538:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2539:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2548:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if ((getc (srtcf) != 'M') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2553:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2554:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2568:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((getc (srtcf) != 'R') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2572:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\015') ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2573:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(getc (srtcf) != '\012')) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2673:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->from ? strlen (s->from) + 1 : 0,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2674:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->to ? strlen (s->to) + 1 : 0,s->cc ? strlen (s->cc) + 1 : 0,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2674:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->to ? strlen (s->to) + 1 : 0,s->cc ? strlen (s->cc) + 1 : 0,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2675:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->refwd ? 'R' : ' ',s->subject ? strlen (s->subject) + 1: 0,
data/uw-imap-2007f~dfsg/src/osdep/unix/mix.c:2676:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->message_id ? strlen (s->message_id) + 1 : 0,j);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:399:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd,tmp,MAILTMPLEN-1) >= 0) ret = ISMMDF (tmp) ? T : NIL;
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:487:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rfc822_date (s = tmp + strlen (tmp));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:488:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s), /* write the pseudo-header */
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:493:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s)," %s",default_user_flag (i));
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:494:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:495:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd,tmp,strlen (tmp)) > 0) ret = T;
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:656:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write (fd,tmp,(i = strlen (tmp))+1);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:740:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:743:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:746:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:749:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:752:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:755:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:769:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:779:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1),
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:846:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1091:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1379:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (sf)) != '\n') switch (c) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1391:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < (j = strlen (tmp))) fatal ("mmdf_append_msgs overrun");
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1736:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:1797:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (stream->user_flags[j],s,k);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2136:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i)
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2138:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2139:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n%s",pseudo_msg,mmdfhdr);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2140:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen (hdr);
data/uw-imap-2007f~dfsg/src/osdep/unix/mmdf.c:2302:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:185:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\015')) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:515:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:686:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:692:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:702:14: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (r == 1) strcpy (tmp,"1");
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:801:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:918:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1123:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1265:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mtx.c:1344:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read (LOCAL->fd,s = tmp,
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:179:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (name) <= NETMAXMBX) && *mx_file (tmp,name) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:274:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen (name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:280:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s = (char *) fs_get (namelen + strlen (names[i]->d_name) + 2),
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:350:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int mask = umask (0);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:371:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask); /* restore mask */
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:454:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (dummy_create_path (stream,strcat (tmp1,"/"),
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:459:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t srcl = strlen (tmp);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:460:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dstl = strlen (tmp1);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:494:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (name);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:636:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,LOCAL->buf,elt->rfc822_size);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:951:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (strcat (tmp," "),t);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:959:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp,")"); /* close list */
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1177:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = idx = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1193:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (t) <= MAXUSERFLAG)) stream->user_flags[k] = cpystr (t);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1249:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"K%s\n",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1253:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((s += strlen (s)) - tmp) > MXIXBUFLEN) {
data/uw-imap-2007f~dfsg/src/osdep/unix/mx.c:1265:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s += strlen (s)) != tmp) {
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:161:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,t = s = (char *) fs_get (sbuf.st_size+1),sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:228:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,s = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size);
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:232:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (pattern); /* length of pattern */
data/uw-imap-2007f~dfsg/src/osdep/unix/news.c:278:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((*pat == '.') && (pattern[strlen (pattern) - 1] == '.'))
data/uw-imap-2007f~dfsg/src/osdep/unix/opendir.c:44:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,d->dd_buf = (char *) fs_get (sbuf.st_size),
data/uw-imap-2007f~dfsg/src/osdep/unix/os_nto.c:73:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dc.d_namlen = strlen (strcpy (dc.d_name,de->d_name));
data/uw-imap-2007f~dfsg/src/osdep/unix/os_qnx.c:74:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dc.d_namlen = strlen (strcpy (dc.d_name,de->d_name));
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:317:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,buf->data = (unsigned char *) fs_get (buf->size + 1),buf->size);
data/uw-imap-2007f~dfsg/src/osdep/unix/phile.c:457:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*length = strlen (LOCAL->tmp);
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_none.c:56:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return getchar ();
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:107:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),"%.80s%lx%.80s%lx%lx%lx%lx%lx",
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:112:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RAND_seed (tmp,strlen (tmp));
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:245:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (scc && (s = (*scc) ()) && (sl = strlen (s))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:253:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((t = (sck ? (*sck) () : s)) && (tl = strlen (t))) {
data/uw-imap-2007f~dfsg/src/osdep/unix/ssl_unix.c:559:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ssl_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/unix/sslstdio.c:35:25: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!sslstdio) return getchar ();
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:172:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[(strlen (host))-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:174:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[(strlen (tmp))-1] = '\0';
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:291:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(pfd.revents & POLLIN) while (((i = *ctr = read (sock,tmp,1)) < 0) && (errno == EINTR));
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:346:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mb->host[0] == '[' && mb->host[i = (strlen (mb->host))-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:556:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((i = read (stream->tcpsi,s,(int) min (maxposint,size))) < 0)
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:612:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (i > 0) while (((i = read (stream->tcpsi,stream->ibuf,BUFLEN)) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:645:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/unix/tcp_unix.c:924:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == '[' && name[strlen (name) - 1] == ']') return name;
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:192:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read (fd,tmp,64) >= 0) && (s = strchr (tmp,'\012')) &&
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:516:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.full.text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:567:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,*length = i);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:572:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:614:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,i);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:629:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s,i); /* slurp the data */
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:775:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (LOCAL->buf + strlen (LOCAL->buf),
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:781:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((write (LOCAL->fd,LOCAL->buf,strlen (LOCAL->buf)) < 0) ||
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:791:14: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (r == 1) strcpy (tmp,"1");
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:890:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,m);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1008:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,j);
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1235:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read (LOCAL->fd,LOCAL->buf,64)) <= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1377:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (LOCAL->fd,LOCAL->buf,12) < 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/tenex.c:1456:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = LOCAL->buf,i = min (msiz-siz,(long) MAILTMPLEN));
data/uw-imap-2007f~dfsg/src/osdep/unix/tz_bsd.c:37:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s + strlen (s)," (%.50s)",((struct tm *) t)->tm_zone);
data/uw-imap-2007f~dfsg/src/osdep/unix/tz_sv4.c:37:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s + strlen (s)," (%.50s)",
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:250:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd,tmp,MAILTMPLEN-1) >= 0) {
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:347:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rfc822_fixed_date (s = tmp + strlen (tmp));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:349:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:354:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s)," %s",default_user_flag (i));
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:355:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:356:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd,tmp,strlen (tmp)) > 0) ret = T;
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:517:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write (fd,tmp,(i = strlen (tmp))+1);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:601:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:604:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:607:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:610:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:613:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:616:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lines->text.size = strlen ((char *) (lines->text.data =
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:630:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.header.text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:640:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,s = (char *) fs_get (elt->private.msg.header.text.size+1),
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:707:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.msg.text.text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:956:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1242:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc (sf)) != '\n') switch (c) {
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1254:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < (j = strlen (tmp))) fatal ("unix_append_msgs overrun");
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1572:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(u = strpbrk (s," \n\r"))) u = s + strlen (s);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1633:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (stream->user_flags[j],s,k);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1973:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = hdr + strlen (hdr),i = 0; i < NUSERFLAGS; ++i)
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1975:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s)," %s",stream->user_flags[i]);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1976:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (s += strlen (s),"\nStatus: RO\n\n%s\n\n",pseudo_msg);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:1977:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen (hdr); /* return header length */
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2139:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (LOCAL->fd,LOCAL->buf,elt->private.special.text.size);
data/uw-imap-2007f~dfsg/src/osdep/unix/unix.c:2611:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (sfd,s = (char *) fs_get (size + 1),size);
data/uw-imap-2007f~dfsg/src/osdep/vms/env_vms.c:90:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date += strlen (date); /* make next sprintf append */
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:77:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HostDesc.dsc$w_length = strlen (host);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:243:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:257:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct dsc$descriptor_s BufDesc = {strlen(string),DSC$K_DTYPE_T,
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsl.c:352:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp,LocalhostDesc.dsc$a_pointer,LocalhostDesc.dsc$w_length);
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:99:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[(strlen (host))-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:101:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostname[(strlen (hostname))-1] = '\0';
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:323:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/vms/tcp_vmsm.c:465:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == '[' && name[strlen (name) - 1] == ']') return name;
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:138:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date += strlen (date); /* make next sprintf append */
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:147:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tz && tz[0]) sprintf (date + strlen (date)," (%s)",tz);
data/uw-imap-2007f~dfsg/src/osdep/wce/env_wce.c:212:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!((s = getenv ("HOMEPATH")) && (i = strlen (s)))) return NIL;
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:133:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host[0] == '[' && host[(strlen (host))-1] == ']') {
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:135:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen (tmp)-1] = '\0';
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:376:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else while (((i = read (stream->tcpsi,s,(int) min (maxposint,size))) <
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:431:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else while (((i = read (stream->tcpsi,stream->ibuf,BUFLEN)) < 0) &&
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:457:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tcp_sout (stream,string,(unsigned long) strlen (string));
data/uw-imap-2007f~dfsg/src/osdep/wce/tcp_wce.c:728:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == '[' && name[strlen (name) - 1] == ']') return name;
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:227:19: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getchar ()) != EOF) putc (c,f);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:239:19: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getchar ()) != EOF) {
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:291:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mailbox && (strlen (mailbox) > 256))
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:547:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),"uid mismatch (%ld != %ld)",
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:564:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (tmp + strlen (tmp),"file type %07o",(unsigned int) type);
data/uw-imap-2007f~dfsg/src/tmail/tmail.c:705:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (ucase (strncpy (tmp,string,11)),"[TRYCREATE]")) trycreate = T;
ANALYSIS SUMMARY:
Hits = 4979
Lines analyzed = 157819 in approximately 6.51 seconds (24237 lines/second)
Physical Source Lines of Code (SLOC) = 111732
Hits@level = [0] 279 [1] 1081 [2] 2704 [3] 86 [4] 1093 [5] 15
Hits@level+ = [0+] 5258 [1+] 4979 [2+] 3898 [3+] 1194 [4+] 1108 [5+] 15
Hits/KSLOC@level+ = [0+] 47.059 [1+] 44.562 [2+] 34.8871 [3+] 10.6863 [4+] 9.91659 [5+] 0.13425
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.