Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c
Examining data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c
Examining data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c
Examining data/uwsgi-2.0.19.1/contrib/cgi_python.c
Examining data/uwsgi-2.0.19.1/contrib/uwsgi_client.c
Examining data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c
Examining data/uwsgi-2.0.19.1/core/alarm.c
Examining data/uwsgi-2.0.19.1/core/async.c
Examining data/uwsgi-2.0.19.1/core/buffer.c
Examining data/uwsgi-2.0.19.1/core/cache.c
Examining data/uwsgi-2.0.19.1/core/chunked.c
Examining data/uwsgi-2.0.19.1/core/clang_fake.c
Examining data/uwsgi-2.0.19.1/core/clock.c
Examining data/uwsgi-2.0.19.1/core/config.c
Examining data/uwsgi-2.0.19.1/core/cookie.c
Examining data/uwsgi-2.0.19.1/core/cron.c
Examining data/uwsgi-2.0.19.1/core/daemons.c
Examining data/uwsgi-2.0.19.1/core/emperor.c
Examining data/uwsgi-2.0.19.1/core/errors.c
Examining data/uwsgi-2.0.19.1/core/event.c
Examining data/uwsgi-2.0.19.1/core/exceptions.c
Examining data/uwsgi-2.0.19.1/core/fifo.c
Examining data/uwsgi-2.0.19.1/core/fsmon.c
Examining data/uwsgi-2.0.19.1/core/gateway.c
Examining data/uwsgi-2.0.19.1/core/hash.c
Examining data/uwsgi-2.0.19.1/core/hooks.c
Examining data/uwsgi-2.0.19.1/core/ini.c
Examining data/uwsgi-2.0.19.1/core/init.c
Examining data/uwsgi-2.0.19.1/core/io.c
Examining data/uwsgi-2.0.19.1/core/json.c
Examining data/uwsgi-2.0.19.1/core/legion.c
Examining data/uwsgi-2.0.19.1/core/lock.c
Examining data/uwsgi-2.0.19.1/core/logging.c
Examining data/uwsgi-2.0.19.1/core/loop.c
Examining data/uwsgi-2.0.19.1/core/master.c
Examining data/uwsgi-2.0.19.1/core/master_checks.c
Examining data/uwsgi-2.0.19.1/core/master_events.c
Examining data/uwsgi-2.0.19.1/core/metrics.c
Examining data/uwsgi-2.0.19.1/core/mount.c
Examining data/uwsgi-2.0.19.1/core/mule.c
Examining data/uwsgi-2.0.19.1/core/notify.c
Examining data/uwsgi-2.0.19.1/core/offload.c
Examining data/uwsgi-2.0.19.1/core/plugins.c
Examining data/uwsgi-2.0.19.1/core/progress.c
Examining data/uwsgi-2.0.19.1/core/protocol.c
Examining data/uwsgi-2.0.19.1/core/querystring.c
Examining data/uwsgi-2.0.19.1/core/queue.c
Examining data/uwsgi-2.0.19.1/core/rb_timers.c
Examining data/uwsgi-2.0.19.1/core/regexp.c
Examining data/uwsgi-2.0.19.1/core/routing.c
Examining data/uwsgi-2.0.19.1/core/rpc.c
Examining data/uwsgi-2.0.19.1/core/sendfile.c
Examining data/uwsgi-2.0.19.1/core/setup_utils.c
Examining data/uwsgi-2.0.19.1/core/sharedarea.c
Examining data/uwsgi-2.0.19.1/core/signal.c
Examining data/uwsgi-2.0.19.1/core/skel.c
Examining data/uwsgi-2.0.19.1/core/snmp.c
Examining data/uwsgi-2.0.19.1/core/socket.c
Examining data/uwsgi-2.0.19.1/core/spooler.c
Examining data/uwsgi-2.0.19.1/core/ssl.c
Examining data/uwsgi-2.0.19.1/core/static.c
Examining data/uwsgi-2.0.19.1/core/stats.c
Examining data/uwsgi-2.0.19.1/core/storage.c
Examining data/uwsgi-2.0.19.1/core/strings.c
Examining data/uwsgi-2.0.19.1/core/subscription.c
Examining data/uwsgi-2.0.19.1/core/timebomb.c
Examining data/uwsgi-2.0.19.1/core/transformations.c
Examining data/uwsgi-2.0.19.1/core/utils.c
Examining data/uwsgi-2.0.19.1/core/uwsgi.c
Examining data/uwsgi-2.0.19.1/core/websockets.c
Examining data/uwsgi-2.0.19.1/core/writer.c
Examining data/uwsgi-2.0.19.1/core/xmlconf.c
Examining data/uwsgi-2.0.19.1/core/yaml.c
Examining data/uwsgi-2.0.19.1/core/zeus.c
Examining data/uwsgi-2.0.19.1/core/zlib.c
Examining data/uwsgi-2.0.19.1/core/master_utils.c
Examining data/uwsgi-2.0.19.1/core/reader.c
Examining data/uwsgi-2.0.19.1/core/plugins_builder.c
Examining data/uwsgi-2.0.19.1/lib/linux_ns.c
Examining data/uwsgi-2.0.19.1/lib/netlink.c
Examining data/uwsgi-2.0.19.1/lib/sun_fixes.c
Examining data/uwsgi-2.0.19.1/plugins/airbrake/airbrake_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/alarm_xmpp/alarm_xmpp_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/alarm_xmpp/gloox.cc
Examining data/uwsgi-2.0.19.1/plugins/asyncio/asyncio.c
Examining data/uwsgi-2.0.19.1/plugins/cache/cache.c
Examining data/uwsgi-2.0.19.1/plugins/carbon/carbon.c
Examining data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/cheaper_backlog2/cheaper_backlog2.c
Examining data/uwsgi-2.0.19.1/plugins/cheaper_busyness/cheaper_busyness.c
Examining data/uwsgi-2.0.19.1/plugins/clock_monotonic/clock_monotonic.c
Examining data/uwsgi-2.0.19.1/plugins/clock_realtime/clock_realtime.c
Examining data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c
Examining data/uwsgi-2.0.19.1/plugins/corerouter/cr.h
Examining data/uwsgi-2.0.19.1/plugins/corerouter/cr_common.c
Examining data/uwsgi-2.0.19.1/plugins/corerouter/cr_map.c
Examining data/uwsgi-2.0.19.1/plugins/coroae/coroae.c
Examining data/uwsgi-2.0.19.1/plugins/cplusplus/base.cc
Examining data/uwsgi-2.0.19.1/plugins/cplusplus/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/curl_cron/curl_cron.c
Examining data/uwsgi-2.0.19.1/plugins/dumbloop/dumb.c
Examining data/uwsgi-2.0.19.1/plugins/dummy/dummy.c
Examining data/uwsgi-2.0.19.1/plugins/echo/echo_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c
Examining data/uwsgi-2.0.19.1/plugins/emperor_amqp/emperor_amqp.c
Examining data/uwsgi-2.0.19.1/plugins/emperor_mongodb/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/emperor_mongodb/emperor_mongodb.cc
Examining data/uwsgi-2.0.19.1/plugins/emperor_pg/emperor_pg.c
Examining data/uwsgi-2.0.19.1/plugins/emperor_zeromq/emperor_zeromq.c
Examining data/uwsgi-2.0.19.1/plugins/example/example_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/exception_log/exception_log.c
Examining data/uwsgi-2.0.19.1/plugins/fastrouter/fastrouter.c
Examining data/uwsgi-2.0.19.1/plugins/fiber/fiber.c
Examining data/uwsgi-2.0.19.1/plugins/forkptyrouter/forkptyrouter.c
Examining data/uwsgi-2.0.19.1/plugins/gccgo/gccgo_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/geoip/geoip.c
Examining data/uwsgi-2.0.19.1/plugins/gevent/gevent.c
Examining data/uwsgi-2.0.19.1/plugins/gevent/gevent.h
Examining data/uwsgi-2.0.19.1/plugins/gevent/hooks.c
Examining data/uwsgi-2.0.19.1/plugins/glusterfs/glusterfs.c
Examining data/uwsgi-2.0.19.1/plugins/graylog2/graylog2_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/greenlet/greenlet.c
Examining data/uwsgi-2.0.19.1/plugins/gridfs/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/gridfs/gridfs.cc
Examining data/uwsgi-2.0.19.1/plugins/http/common.h
Examining data/uwsgi-2.0.19.1/plugins/http/http.c
Examining data/uwsgi-2.0.19.1/plugins/http/https.c
Examining data/uwsgi-2.0.19.1/plugins/http/keepalive.c
Examining data/uwsgi-2.0.19.1/plugins/http/spdy3.c
Examining data/uwsgi-2.0.19.1/plugins/http/spdy3.h
Examining data/uwsgi-2.0.19.1/plugins/jvm/jvm.h
Examining data/uwsgi-2.0.19.1/plugins/jvm/jvm_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/jwsgi/jwsgi_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/ldap/ldap.c
Examining data/uwsgi-2.0.19.1/plugins/legion_cache_fetch/legion_cache_fetch.c
Examining data/uwsgi-2.0.19.1/plugins/libffi/libffi.c
Examining data/uwsgi-2.0.19.1/plugins/libtcc/libtcc.c
Examining data/uwsgi-2.0.19.1/plugins/logcrypto/logcrypto.c
Examining data/uwsgi-2.0.19.1/plugins/logfile/logfile.c
Examining data/uwsgi-2.0.19.1/plugins/logpipe/logpipe.c
Examining data/uwsgi-2.0.19.1/plugins/logsocket/logsocket_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/logzmq/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/lua/lua_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/matheval/math.c
Examining data/uwsgi-2.0.19.1/plugins/mongodb/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/mongodblog/mongodblog_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c
Examining data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/msgpack/msgpack.c
Examining data/uwsgi-2.0.19.1/plugins/nagios/nagios.c
Examining data/uwsgi-2.0.19.1/plugins/notfound/notfound.c
Examining data/uwsgi-2.0.19.1/plugins/pam/pam.c
Examining data/uwsgi-2.0.19.1/plugins/php/common.h
Examining data/uwsgi-2.0.19.1/plugins/php/session.c
Examining data/uwsgi-2.0.19.1/plugins/php/php_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/ping/ping_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/psgi/psgi.h
Examining data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c
Examining data/uwsgi-2.0.19.1/plugins/psgi/psgi_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/psgi/psgi_response.c
Examining data/uwsgi-2.0.19.1/plugins/psgi/uwsgi_plmodule.c
Examining data/uwsgi-2.0.19.1/plugins/pty/pty.c
Examining data/uwsgi-2.0.19.1/plugins/pypy/pypy_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/python/gil.c
Examining data/uwsgi-2.0.19.1/plugins/python/profiler.c
Examining data/uwsgi-2.0.19.1/plugins/python/pump_subhandler.c
Examining data/uwsgi-2.0.19.1/plugins/python/pyloader.c
Examining data/uwsgi-2.0.19.1/plugins/python/python_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/python/pyutils.c
Examining data/uwsgi-2.0.19.1/plugins/python/raw.c
Examining data/uwsgi-2.0.19.1/plugins/python/symimporter.c
Examining data/uwsgi-2.0.19.1/plugins/python/tracebacker.c
Examining data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c
Examining data/uwsgi-2.0.19.1/plugins/python/uwsgi_python.h
Examining data/uwsgi-2.0.19.1/plugins/python/web3_subhandler.c
Examining data/uwsgi-2.0.19.1/plugins/python/wsgi_handlers.c
Examining data/uwsgi-2.0.19.1/plugins/python/wsgi_headers.c
Examining data/uwsgi-2.0.19.1/plugins/python/wsgi_subhandler.c
Examining data/uwsgi-2.0.19.1/plugins/pyuwsgi/pyuwsgi.c
Examining data/uwsgi-2.0.19.1/plugins/rack/rack_api.c
Examining data/uwsgi-2.0.19.1/plugins/rack/rack_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/rack/uwsgi_rack.h
Examining data/uwsgi-2.0.19.1/plugins/rados/rados.c
Examining data/uwsgi-2.0.19.1/plugins/rawrouter/rawrouter.c
Examining data/uwsgi-2.0.19.1/plugins/rbthreads/rbthreads.c
Examining data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/ring/ring_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/router_access/router_access.c
Examining data/uwsgi-2.0.19.1/plugins/router_basicauth/router_basicauth.c
Examining data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c
Examining data/uwsgi-2.0.19.1/plugins/router_expires/expires.c
Examining data/uwsgi-2.0.19.1/plugins/router_hash/router_hash.c
Examining data/uwsgi-2.0.19.1/plugins/router_http/router_http.c
Examining data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c
Examining data/uwsgi-2.0.19.1/plugins/router_metrics/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/router_radius/radius.c
Examining data/uwsgi-2.0.19.1/plugins/router_redirect/router_redirect.c
Examining data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c
Examining data/uwsgi-2.0.19.1/plugins/router_rewrite/router_rewrite.c
Examining data/uwsgi-2.0.19.1/plugins/router_spnego/router_spnego.c
Examining data/uwsgi-2.0.19.1/plugins/router_static/router_static.c
Examining data/uwsgi-2.0.19.1/plugins/router_uwsgi/router_uwsgi.c
Examining data/uwsgi-2.0.19.1/plugins/router_xmldir/router_xmldir.c
Examining data/uwsgi-2.0.19.1/plugins/rpc/rpc_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/rrdtool/rrdtool.c
Examining data/uwsgi-2.0.19.1/plugins/rsyslog/rsyslog_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/servlet/servlet_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/signal/signal_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/spooler/spooler_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/sqlite3/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/ssi/ssi.c
Examining data/uwsgi-2.0.19.1/plugins/sslrouter/sslrouter.c
Examining data/uwsgi-2.0.19.1/plugins/stackless/stackless.c
Examining data/uwsgi-2.0.19.1/plugins/stats_pusher_file/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/stats_pusher_mongodb/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/stats_pusher_mongodb/stats_pusher_mongodb.cc
Examining data/uwsgi-2.0.19.1/plugins/stats_pusher_socket/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/stats_pusher_statsd/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/symcall/symcall_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/syslog/syslog_plugin.c
Examining data/uwsgi-2.0.19.1/plugins/systemd_logger/systemd_logger.c
Examining data/uwsgi-2.0.19.1/plugins/tornado/tornado.c
Examining data/uwsgi-2.0.19.1/plugins/transformation_chunked/chunked.c
Examining data/uwsgi-2.0.19.1/plugins/transformation_gzip/gzip.c
Examining data/uwsgi-2.0.19.1/plugins/transformation_offload/offload.c
Examining data/uwsgi-2.0.19.1/plugins/transformation_template/tt.c
Examining data/uwsgi-2.0.19.1/plugins/transformation_tofile/tofile.c
Examining data/uwsgi-2.0.19.1/plugins/transformation_toupper/toupper.c
Examining data/uwsgi-2.0.19.1/plugins/tuntap/common.c
Examining data/uwsgi-2.0.19.1/plugins/tuntap/common.h
Examining data/uwsgi-2.0.19.1/plugins/tuntap/firewall.c
Examining data/uwsgi-2.0.19.1/plugins/tuntap/tuntap.c
Examining data/uwsgi-2.0.19.1/plugins/ugreen/ugreen.c
Examining data/uwsgi-2.0.19.1/plugins/v8/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/v8/v8_commonjs.cc
Examining data/uwsgi-2.0.19.1/plugins/v8/v8_jsgi.cc
Examining data/uwsgi-2.0.19.1/plugins/v8/v8_uwsgi.cc
Examining data/uwsgi-2.0.19.1/plugins/v8/v8_uwsgi.h
Examining data/uwsgi-2.0.19.1/plugins/webdav/webdav.c
Examining data/uwsgi-2.0.19.1/plugins/xattr/xattr.c
Examining data/uwsgi-2.0.19.1/plugins/xslt/xslt.c
Examining data/uwsgi-2.0.19.1/plugins/zabbix/plugin.c
Examining data/uwsgi-2.0.19.1/plugins/zergpool/zergpool.c
Examining data/uwsgi-2.0.19.1/proto/base.c
Examining data/uwsgi-2.0.19.1/proto/fastcgi.c
Examining data/uwsgi-2.0.19.1/proto/http.c
Examining data/uwsgi-2.0.19.1/proto/puwsgi.c
Examining data/uwsgi-2.0.19.1/proto/scgi.c
Examining data/uwsgi-2.0.19.1/proto/uwsgi.c
Examining data/uwsgi-2.0.19.1/uwsgi.h
Examining data/uwsgi-2.0.19.1/uwsgi_main.c
FINAL RESULTS:
data/uwsgi-2.0.19.1/core/emperor.c:90:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(socket_name, 0666)) {
data/uwsgi-2.0.19.1/core/hooks.c:297:12: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
int ret = chmod(arg, mask);
data/uwsgi-2.0.19.1/core/hooks.c:311:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(arg, st.st_mode | S_ISVTX)) {
data/uwsgi-2.0.19.1/core/hooks.c:350:19: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
int ret = chown(arg, pw->pw_uid, gr->gr_gid);
data/uwsgi-2.0.19.1/core/hooks.c:389:19: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
int ret = chown(arg, atoi(space+1), atoi(space2+1));
data/uwsgi-2.0.19.1/core/logging.c:294:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(uwsgi.logfile, uwsgi.chmod_logfile_value)) {
data/uwsgi-2.0.19.1/core/master.c:419:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(uwsgi.emperor_proxy, S_IRUSR|S_IWUSR)) {
data/uwsgi-2.0.19.1/core/master.c:434:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(uwsgi.setns_socket, S_IRUSR|S_IWUSR)) {
data/uwsgi-2.0.19.1/core/plugins.c:180:25: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((linkpath_size = readlink(plugin_abs_path, linkpath_buf, 1023)) > 0) {
data/uwsgi-2.0.19.1/core/plugins.c:184:31: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
} while ((linkpath_size = readlink(linkpath, linkpath_buf, 1023)) > 0);
data/uwsgi-2.0.19.1/core/socket.c:244:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(socket_name, uwsgi.chmod_socket_value) != 0) {
data/uwsgi-2.0.19.1/core/socket.c:250:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(socket_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH) != 0) {
data/uwsgi-2.0.19.1/core/socket.c:1796:33: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(uwsgi_sock->name, uwsgi.chmod_socket_value) != 0) {
data/uwsgi-2.0.19.1/core/socket.c:1802:33: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(uwsgi_sock->name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH) != 0) {
data/uwsgi-2.0.19.1/core/utils.c:221:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(usl->value, mode)) {
data/uwsgi-2.0.19.1/core/utils.c:2656:6: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(filename, new_uid, new_gid)) {
data/uwsgi-2.0.19.1/core/utils.c:2667:16: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t len = readlink("/proc/self/exe", buf, PATH_MAX);
data/uwsgi-2.0.19.1/core/utils.c:2680:16: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t len = readlink("/proc/curproc/exe", buf, PATH_MAX);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:164:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c->s_addr.u_addr.sun_path, DEFAULT_SOCK);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:181:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c->s_addr.u_addr.sun_path, DEFAULT_SOCK);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:588:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c->script_name, location);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:602:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c->scheme, scheme);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:713:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c->s_addr2.u_addr.sun_path, path);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:746:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c->s_addr.u_addr.sun_path, path);
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:36:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_addr.sun_path, UWSGI_SOCK);
data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c:36:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_addr.sun_path, UWSGI_SOCK);
data/uwsgi-2.0.19.1/core/config.c:571:10: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(uwsgi.binary_path, argv);
data/uwsgi-2.0.19.1/core/emperor.c:1337:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(n_ui->name, R_OK | X_OK)) {
data/uwsgi-2.0.19.1/core/emperor.c:1476:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(vassal_argv[0], vassal_argv);
data/uwsgi-2.0.19.1/core/emperor.c:1483:6: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execvp(vassal_argv[0], vassal_argv)) {
data/uwsgi-2.0.19.1/core/emperor.c:1493:17: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(vassal_argv[0], vassal_argv);
data/uwsgi-2.0.19.1/core/logging.c:58:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(logpkt + rlen, 4096 - rlen, fmt, ap);
data/uwsgi-2.0.19.1/core/logging.c:65:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(tmp_buf + rlen, ret + 1, fmt, ap);
data/uwsgi-2.0.19.1/core/logging.c:111:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rlen += vsnprintf(logpkt + rlen, 4096 - rlen, fmt, ap);
data/uwsgi-2.0.19.1/core/logging.c:141:17: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rlen += vsnprintf(logpkt + rlen, 4096 - rlen, fmt, ap);
data/uwsgi-2.0.19.1/core/master_utils.c:554:2: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], argv);
data/uwsgi-2.0.19.1/core/metrics.c:720:39: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define uwsgi_metric_name(f, n) ret = snprintf(buf, 4096, f, n); if (ret <= 1 || ret >= 4096) { uwsgi_log("unable to register metric name %s\n", f); exit(1);}
data/uwsgi-2.0.19.1/core/metrics.c:721:44: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define uwsgi_metric_name2(f, n, n2) ret = snprintf(buf, 4096, f, n, n2); if (ret <= 1 || ret >= 4096) { uwsgi_log("unable to register metric name %s\n", f); exit(1);}
data/uwsgi-2.0.19.1/core/metrics.c:723:38: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define uwsgi_metric_oid(f, n) ret = snprintf(buf2, 4096, f, n); if (ret <= 1 || ret >= 4096) { uwsgi_log("unable to register metric oid %s\n", f); exit(1);}
data/uwsgi-2.0.19.1/core/metrics.c:724:43: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define uwsgi_metric_oid2(f, n, n2) ret = snprintf(buf2, 4096, f, n, n2); if (ret <= 1 || ret >= 4096) { uwsgi_log("unable to register metric oid %s\n", f); exit(1);}
data/uwsgi-2.0.19.1/core/plugins_builder.c:109:2: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], argv);
data/uwsgi-2.0.19.1/core/routing.c:1891:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(ub->buf, X_OK)) {
data/uwsgi-2.0.19.1/core/spooler.c:24:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(directory, R_OK | W_OK | X_OK) &&
data/uwsgi-2.0.19.1/core/spooler.c:529:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(task, R_OK|W_OK)) {
data/uwsgi-2.0.19.1/core/spooler.c:617:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(task, R_OK | W_OK)) {
data/uwsgi-2.0.19.1/core/utils.c:983:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(uwsgi.unprivileged_binary_patch, uwsgi.argv);
data/uwsgi-2.0.19.1/core/utils.c:1836:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return !access(filename, R_OK);
data/uwsgi-2.0.19.1/core/utils.c:1841:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return !access(filename, R_OK | X_OK);
data/uwsgi-2.0.19.1/core/utils.c:2414:2: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], argv);
data/uwsgi-2.0.19.1/core/utils.c:2434:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], argv);
data/uwsgi-2.0.19.1/core/utils.c:2440:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(command, argv);
data/uwsgi-2.0.19.1/core/utils.c:2588:2: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(uwsgi_binsh(), argv);
data/uwsgi-2.0.19.1/core/utils.c:3172:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(uwsgi.orig_argv[i], uwsgi.argv[i]);
data/uwsgi-2.0.19.1/core/uwsgi.c:2520:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(uwsgi.privileged_binary_patch, uwsgi.argv);
data/uwsgi-2.0.19.1/core/uwsgi.c:2725:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(umd->value, R_OK)) {
data/uwsgi-2.0.19.1/core/uwsgi.c:3368:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(w_argv[0], w_argv);
data/uwsgi-2.0.19.1/core/uwsgi.c:3425:17: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(w_argv[0], w_argv);
data/uwsgi-2.0.19.1/plugins/carbon/carbon.c:176:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rlen = vsnprintf(ptr, 4096, fmt, ap);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:587:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(full_path, R_OK)) {
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:632:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(full_path, X_OK)) {
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:952:6: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execvp(argv[0], argv)) {
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:1021:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(ub_command->buf, X_OK)) {
data/uwsgi-2.0.19.1/plugins/forkptyrouter/forkptyrouter.c:251:5: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/uwsgi-2.0.19.1/plugins/forkptyrouter/forkptyrouter.c:257:5: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/uwsgi-2.0.19.1/plugins/forkptyrouter/forkptyrouter.c:264:4: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:136:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry->names, ldap_name);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:844:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(real_filename, uphp.app);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:985:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(real_filename, R_OK)) {
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1910:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(abs_path, R_OK | W_OK)) {
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:2092:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(task_path, R_OK | W_OK)) {
data/uwsgi-2.0.19.1/plugins/pyuwsgi/pyuwsgi.c:110:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_argv_ptr, arg_str);
data/uwsgi-2.0.19.1/plugins/rack/rack_plugin.c:595:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access("config.ru", R_OK)) {
data/uwsgi-2.0.19.1/plugins/router_basicauth/router_basicauth.c:80:13: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypted = crypt_r( colon+1, cpwd, &cd);
data/uwsgi-2.0.19.1/plugins/router_basicauth/router_basicauth.c:83:13: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypted = crypt( colon+1, cpwd);
data/uwsgi-2.0.19.1/plugins/router_uwsgi/router_uwsgi.c:151:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr+sizeof(struct uwsgi_header), args);
data/uwsgi-2.0.19.1/plugins/router_xmldir/router_xmldir.c:98:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf_ptr, repl);
data/uwsgi-2.0.19.1/plugins/v8/v8_commonjs.cc:84:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
global->Set(v8::String::New("system"), system);
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:79:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( (content_length = getenv("CONTENT_LENGTH")) != NULL) {
data/uwsgi-2.0.19.1/core/config.c:177:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *p = getenv(uwsgi.logic_opt_data);
data/uwsgi-2.0.19.1/core/config.c:201:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *p = getenv(uwsgi.logic_opt_data);
data/uwsgi-2.0.19.1/core/emperor.c:1527:6: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(".", uwsgi.emperor_absolute_dir) == NULL) {
data/uwsgi-2.0.19.1/core/emperor.c:2273:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *emperor_fd_pass = getenv("UWSGI_EMPEROR_PROXY");
data/uwsgi-2.0.19.1/core/emperor.c:2321:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *emperor_env = getenv("UWSGI_EMPEROR_FD");
data/uwsgi-2.0.19.1/core/emperor.c:2328:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("UWSGI_EMPEROR_FD_CONFIG")) {
data/uwsgi-2.0.19.1/core/emperor.c:2329:35: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
uwsgi.emperor_fd_config = atoi(getenv("UWSGI_EMPEROR_FD_CONFIG"));
data/uwsgi-2.0.19.1/core/init.c:197:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env_reloads = getenv("UWSGI_RELOADS");
data/uwsgi-2.0.19.1/core/init.c:224:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *original_proc_name = getenv("UWSGI_ORIGINAL_PROC_NAME");
data/uwsgi-2.0.19.1/core/init.c:242:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
plugins_requested = getenv("UWSGI_PLUGINS");
data/uwsgi-2.0.19.1/core/init.c:267:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt_long(argc, argv, uwsgi.short_options, uwsgi.long_options, &uwsgi.option_index)) != -1) {
data/uwsgi-2.0.19.1/core/plugins_builder.c:92:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
argv[0] = getenv("PYTHON");
data/uwsgi-2.0.19.1/core/protocol.c:827:9: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(udd->key, udd->value)) {
data/uwsgi-2.0.19.1/core/protocol.c:855:9: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(udd->value, real_docroot)) {
data/uwsgi-2.0.19.1/core/protocol.c:888:9: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(udd->value, real_docroot)) {
data/uwsgi-2.0.19.1/core/setup_utils.c:10:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *listen_pid = getenv("LISTEN_PID");
data/uwsgi-2.0.19.1/core/setup_utils.c:13:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *listen_fds = getenv("LISTEN_FDS");
data/uwsgi-2.0.19.1/core/setup_utils.c:36:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *upstart_events = getenv("UPSTART_EVENTS");
data/uwsgi-2.0.19.1/core/setup_utils.c:38:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *upstart_fds = getenv("UPSTART_FDS");
data/uwsgi-2.0.19.1/core/setup_utils.c:40:64: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
uwsgi_log("- Upstart socket bridge detected (job: %s) -\n", getenv("UPSTART_JOB"));
data/uwsgi-2.0.19.1/core/spooler.c:65:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(dir, uspool->dir)) {
data/uwsgi-2.0.19.1/core/spooler.c:605:22: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
char *prio_path = realpath(".", NULL);
data/uwsgi-2.0.19.1/core/static.c:613:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(filename, real_filename)) {
data/uwsgi-2.0.19.1/core/utils.c:588:12: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (uwsgi.chroot && !uwsgi.is_chrooted && !uwsgi.reloads) {
data/uwsgi-2.0.19.1/core/utils.c:590:40: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
uwsgi_log("chroot() to %s\n", uwsgi.chroot);
data/uwsgi-2.0.19.1/core/utils.c:592:7: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chroot(uwsgi.chroot)) {
data/uwsgi-2.0.19.1/core/utils.c:592:20: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chroot(uwsgi.chroot)) {
data/uwsgi-2.0.19.1/core/utils.c:994:12: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (uwsgi.chroot && !uwsgi.is_chrooted && !uwsgi.is_a_reload) {
data/uwsgi-2.0.19.1/core/utils.c:2685:6: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(argvzero, buf)) {
data/uwsgi-2.0.19.1/core/utils.c:2695:18: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
char *newbuf = realpath(buf, NULL);
data/uwsgi-2.0.19.1/core/utils.c:2713:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(buf, newbuf)) {
data/uwsgi-2.0.19.1/core/utils.c:3557:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *tmpdir = getenv("TMPDIR");
data/uwsgi-2.0.19.1/core/utils.c:3661:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(src, dst)) {
data/uwsgi-2.0.19.1/core/uwsgi.c:358:100: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
{"chroot", required_argument, 0, "chroot() to the specified directory", uwsgi_opt_set_str, &uwsgi.chroot, 0},
data/uwsgi-2.0.19.1/core/uwsgi.c:2039:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int) (uwsgi.start_tv.tv_usec * uwsgi.start_tv.tv_sec));
data/uwsgi-2.0.19.1/core/uwsgi.c:2156:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *notify_socket = getenv("NOTIFY_SOCKET");
data/uwsgi-2.0.19.1/core/uwsgi.c:2166:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *screen_env = getenv("TERM");
data/uwsgi-2.0.19.1/core/uwsgi.c:2169:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
uwsgi.screen_session = getenv("STY");
data/uwsgi-2.0.19.1/core/uwsgi.c:2250:51: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
uwsgi_apply_config_pass('$', (char *(*)(char *)) getenv);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:90:18: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
udd->value = realpath(udd->value, NULL);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:112:16: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
udd->key = realpath(udd->key, NULL);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:391:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(path, tmp_udd)) {
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:530:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(full_path, tmp_path) == NULL) {
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:723:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ucr->pb_base_dir = getenv("TMPDIR");
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:928:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(filename, real_filename)) {
data/uwsgi-2.0.19.1/plugins/pypy/pypy_plugin.c:135:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
upypy.home = getenv("PYPY_HOME");
data/uwsgi-2.0.19.1/plugins/rack/rack_plugin.c:432:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *home = getenv("HOME");
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:495:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(tmp_filename, filename)) {
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1398:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(docroot, wd_docroot)) {
data/uwsgi-2.0.19.1/uwsgi.h:2011:8: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
char *chroot;
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFFER_SIZE];
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:247:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buf + s->used, buf, len);
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:540:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFFER_SIZE];
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:608:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:829:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int timeout = atoi(strtimeout);
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:875:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(value);
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:895:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(value);
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *host, sport[sizeof(":65535")];
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:176:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, env[j].key, keylen) ; ptr+=keylen;
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:181:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, env[j].val, vallen) ; ptr+=vallen;
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[HUGE_STRING_LEN];
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:344:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r->status = atoi(&buffer[status_start]);
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:462:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_portstr[32];
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char script_name[256];
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scheme[9];
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkt_header[4];
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096] ;
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uwsgi_http_status[13] ;
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:430:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt_header+1, &pkt_size, 2);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:433:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt_header+1, &pkt_size, 2);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:504:43: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi_http_status+uwsgi_http_status_read, buf, 12-uwsgi_http_status_read);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:505:62: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r->status = atoi(uwsgi_http_status+8);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:509:36: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi_http_status+uwsgi_http_status_read, buf, cnt);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:623:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->max_vars = atoi(value);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:640:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(value);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:682:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(value);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:708:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->s_addr2.i_addr.sin_port = htons(atoi(tcp_port+1));
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:741:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->s_addr.i_addr.sin_port = htons(atoi(tcp_port+1));
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:756:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->socket_timeout = atoi(timeout);
data/uwsgi-2.0.19.1/contrib/cgi_python.c:13:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "r");
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[4096];
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:58:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mptr, &len, 2);
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:60:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mptr, env, len);
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:64:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mptr, &len, 2);
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:66:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mptr, place_holder+1, len);
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:74:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message+1, &len, 2);
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:80:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(content_length) > 0) {
data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[4096];
data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c:61:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mptr, &len, 2);
data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c:63:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mptr, env, len);
data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c:67:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mptr, &len, 2);
data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c:69:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mptr, place_holder+1, len);
data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c:77:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message+1, &len, 2);
data/uwsgi-2.0.19.1/core/alarm.c:7:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uai->data8 = atoi(uai->arg);
data/uwsgi-2.0.19.1/core/alarm.c:62:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uai->data32 = atoi(uai->arg);
data/uwsgi-2.0.19.1/core/alarm.c:232:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ptr, buf, sizeof(long));
data/uwsgi-2.0.19.1/core/alarm.c:323:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fd = atoi(space0+1);
data/uwsgi-2.0.19.1/core/alarm.c:416:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uai->last_msg, msg, len);
data/uwsgi-2.0.19.1/core/buffer.c:58:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ub->buf+pos, buf, len);
data/uwsgi-2.0.19.1/core/buffer.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunked[19];
data/uwsgi-2.0.19.1/core/buffer.c:75:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunked[19];
data/uwsgi-2.0.19.1/core/buffer.c:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ub->buf + ub->pos, buf, len);
data/uwsgi-2.0.19.1/core/buffer.c:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[INET_ADDRSTRLEN];
data/uwsgi-2.0.19.1/core/buffer.c:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(UMAX64_STR)+1];
data/uwsgi-2.0.19.1/core/buffer.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(UMAX64_STR)+1];
data/uwsgi-2.0.19.1/core/buffer.c:290:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(UMAX64_STR)+1];
data/uwsgi-2.0.19.1/core/buffer.c:390:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/core/cache.c:385:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cache_fd = open(uc->store, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
data/uwsgi-2.0.19.1/core/cache.c:399:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cache_fd = open(uc->store, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
data/uwsgi-2.0.19.1/core/cache.c:820:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uci->key, key, keylen);
data/uwsgi-2.0.19.1/core/cache.c:823:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *) uc->data) + (uci->first_block * uc->blocksize), val, vallen);
data/uwsgi-2.0.19.1/core/cache.c:913:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *) uc->data) + (uci->first_block * uc->blocksize), val, vallen);
data/uwsgi-2.0.19.1/core/cache.c:997:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char es[sizeof(UMAX64_STR) + 1];
data/uwsgi-2.0.19.1/core/cache.c:1065:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pktsize, buf+1, 2);
data/uwsgi-2.0.19.1/core/cache.c:1068:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ss, buf + 4, 2);
data/uwsgi-2.0.19.1/core/cache.c:1076:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ss, buf + 6 + keylen, 2);
data/uwsgi-2.0.19.1/core/cache.c:1082:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ss, buf + 8 + keylen + vallen , 2);
data/uwsgi-2.0.19.1/core/cache.c:1681:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, value, *vallen);
data/uwsgi-2.0.19.1/core/config.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/uwsgi-2.0.19.1/core/config.c:88:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fh = fopen(uwsgi.logic_opt_data, "r");
data/uwsgi-2.0.19.1/core/config.c:102:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num = atoi(uwsgi.logic_opt_data);
data/uwsgi-2.0.19.1/core/config.c:104:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_num[11];
data/uwsgi-2.0.19.1/core/config.c:567:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/uwsgi-2.0.19.1/core/cron.c:158:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uc->minute = atoi(c_minute);
data/uwsgi-2.0.19.1/core/cron.c:161:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uc->hour = atoi(c_hour);
data/uwsgi-2.0.19.1/core/cron.c:164:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uc->day = atoi(c_day);
data/uwsgi-2.0.19.1/core/cron.c:167:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uc->month = atoi(c_month);
data/uwsgi-2.0.19.1/core/cron.c:170:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uc->week = atoi(c_week);
data/uwsgi-2.0.19.1/core/cron.c:173:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uc->unique = atoi(c_unique);
data/uwsgi-2.0.19.1/core/cron.c:176:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(c_harakiri)) {
data/uwsgi-2.0.19.1/core/cron.c:178:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uc->mercy = atoi(c_harakiri);
data/uwsgi-2.0.19.1/core/daemons.c:159:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/core/daemons.c:173:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid_t pid = atoi(pidstr);
data/uwsgi-2.0.19.1/core/daemons.c:336:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[PTHREAD_STACK_MIN];
data/uwsgi-2.0.19.1/core/daemons.c:468:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
freq = atoi(comma + 1);
data/uwsgi-2.0.19.1/core/daemons.c:591:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_ud->freq = d_freq ? atoi(d_freq) : 10;
data/uwsgi-2.0.19.1/core/daemons.c:594:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_ud->stop_signal = d_stopsignal ? atoi(d_stopsignal) : SIGTERM;
data/uwsgi-2.0.19.1/core/daemons.c:595:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_ud->reload_signal = d_reloadsignal ? atoi(d_reloadsignal) : 0;
data/uwsgi-2.0.19.1/core/daemons.c:597:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_ud->uid = d_uid ? atoi(d_uid) : 0;
data/uwsgi-2.0.19.1/core/daemons.c:598:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_ud->gid = d_gid ? atoi(d_gid) : 0;
data/uwsgi-2.0.19.1/core/daemons.c:607:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_ud->max_throttle = d_max_throttle ? atoi(d_max_throttle) : 0;
data/uwsgi-2.0.19.1/core/emperor.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[0xff];
data/uwsgi-2.0.19.1/core/emperor.c:64:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
us.sa_in.sin_port = htons(atoi(is_tcp + 1));
data/uwsgi-2.0.19.1/core/emperor.c:81:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(us.sa_un.sun_path, socket_name, UMIN(strlen(socket_name), 102));
data/uwsgi-2.0.19.1/core/emperor.c:158:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uebi->last_attempt, &uebi->first_attempt, sizeof(struct timeval));
data/uwsgi-2.0.19.1/core/emperor.c:219:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(tmp, O_RDONLY);
data/uwsgi-2.0.19.1/core/emperor.c:372:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename, c_ui->name, colon - c_ui->name);
data/uwsgi-2.0.19.1/core/emperor.c:494:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename, c_ui->name, colon - c_ui->name);
data/uwsgi-2.0.19.1/core/emperor.c:916:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n_ui->name, name, strlen(name));
data/uwsgi-2.0.19.1/core/emperor.c:993:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[PTHREAD_STACK_MIN];
data/uwsgi-2.0.19.1/core/emperor.c:1043:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/uwsgi-2.0.19.1/core/emperor.c:1045:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argv_pid[17 + 11];
data/uwsgi-2.0.19.1/core/emperor.c:1048:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argv_uid[17 + 11];
data/uwsgi-2.0.19.1/core/emperor.c:1051:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argv_gid[17 + 11];
data/uwsgi-2.0.19.1/core/emperor.c:1669:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char notification_message[64];
data/uwsgi-2.0.19.1/core/emperor.c:2324:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi.emperor_fd = atoi(emperor_env);
data/uwsgi-2.0.19.1/core/emperor.c:2329:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi.emperor_fd_config = atoi(getenv("UWSGI_EMPEROR_FD_CONFIG"));
data/uwsgi-2.0.19.1/core/emperor.c:2496:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ep_fd_ptr, &uwsgi.emperor_fd, sizeof(int));
data/uwsgi-2.0.19.1/core/emperor.c:2498:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ep_fd_ptr + sizeof(int), &uwsgi.emperor_fd_config, sizeof(int));
data/uwsgi-2.0.19.1/core/errors.c:10:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(usl->value, O_RDONLY);
data/uwsgi-2.0.19.1/core/event.c:45:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&upe->poll[i], &upe->poll[i+1], sizeof(struct uwsgi_poll_event) * (upe->nevents - (i+1)));
data/uwsgi-2.0.19.1/core/event.c:1064:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/core/exceptions.c:450:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ptr, buf, sizeof(long));
data/uwsgi-2.0.19.1/core/fifo.c:116:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(path, O_RDONLY|O_NONBLOCK);
data/uwsgi-2.0.19.1/core/fsmon.c:38:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fs->path, O_RDONLY);
data/uwsgi-2.0.19.1/core/fsmon.c:77:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_route_signal(atoi((char *) fs->data));
data/uwsgi-2.0.19.1/core/hooks.c:105:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
exit_code = atoi(arg);
data/uwsgi-2.0.19.1/core/hooks.c:132:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(arg, O_WRONLY|O_NONBLOCK);
data/uwsgi-2.0.19.1/core/hooks.c:160:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(arg, O_WRONLY|O_CREAT|O_TRUNC, 0666);
data/uwsgi-2.0.19.1/core/hooks.c:178:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(arg, O_WRONLY|O_CREAT|O_TRUNC, 0666);
data/uwsgi-2.0.19.1/core/hooks.c:195:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(arg, O_WRONLY|O_CREAT|O_APPEND, 0666);
data/uwsgi-2.0.19.1/core/hooks.c:220:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(arg, O_WRONLY|O_CREAT|O_TRUNC, 0666);
data/uwsgi-2.0.19.1/core/hooks.c:229:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, space+1, l);
data/uwsgi-2.0.19.1/core/hooks.c:246:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(arg, O_WRONLY|O_CREAT|O_APPEND, 0666);
data/uwsgi-2.0.19.1/core/hooks.c:267:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, space+1, l);
data/uwsgi-2.0.19.1/core/hooks.c:389:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ret = chown(arg, atoi(space+1), atoi(space2+1));
data/uwsgi-2.0.19.1/core/hooks.c:389:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ret = chown(arg, atoi(space+1), atoi(space2+1));
data/uwsgi-2.0.19.1/core/hooks.c:417:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int signum = atoi(arg);
data/uwsgi-2.0.19.1/core/hooks.c:433:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num = atoi(space+1);
data/uwsgi-2.0.19.1/core/hooks.c:483:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num = atoi(space+1);
data/uwsgi-2.0.19.1/core/hooks.c:531:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[256];
data/uwsgi-2.0.19.1/core/hooks.c:604:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(arg, O_WRONLY|O_NONBLOCK);
data/uwsgi-2.0.19.1/core/init.c:6:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char key[3];
data/uwsgi-2.0.19.1/core/init.c:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char env_reload_buf[11];
data/uwsgi-2.0.19.1/core/init.c:200:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi.reloads = atoi(env_reloads);
data/uwsgi-2.0.19.1/core/io.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack_buf[4096];
data/uwsgi-2.0.19.1/core/io.c:62:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + (*size - len), stack_buf, len);
data/uwsgi-2.0.19.1/core/io.c:86:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/core/io.c:120:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fd = atoi(url);
data/uwsgi-2.0.19.1/core/io.c:309:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(uwsgi.binary_path, O_RDONLY);
data/uwsgi-2.0.19.1/core/io.c:314:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int slot = atoi(url);
data/uwsgi-2.0.19.1/core/io.c:390:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s, strlen(s));
data/uwsgi-2.0.19.1/core/io.c:409:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s, strlen(s));
data/uwsgi-2.0.19.1/core/io.c:447:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, sym_start_ptr, sym_end_ptr - sym_start_ptr);
data/uwsgi-2.0.19.1/core/io.c:506:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &UWSGI_EMBED_CONFIG, &UWSGI_EMBED_CONFIG_END - &UWSGI_EMBED_CONFIG);
data/uwsgi-2.0.19.1/core/io.c:523:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(url, O_RDONLY);
data/uwsgi-2.0.19.1/core/io.c:675:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&i, id + code_len, sizeof(int));
data/uwsgi-2.0.19.1/core/io.c:707:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, CMSG_DATA(cmsg), cmsg->cmsg_len - ((char *) CMSG_DATA(cmsg) - (char *) cmsg));
data/uwsgi-2.0.19.1/core/io.c:755:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/core/io.c:869:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/core/io.c:1161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/core/io.c:1202:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fl->value, "w");
data/uwsgi-2.0.19.1/core/io.c:1290:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fdin = open(filename, O_RDWR);
data/uwsgi-2.0.19.1/core/json.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/uwsgi-2.0.19.1/core/legion.c:67:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ul->uuid, value, 36);
data/uwsgi-2.0.19.1/core/legion.c:75:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ul->lord_uuid, value, 36);
data/uwsgi-2.0.19.1/core/legion.c:101:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, ul->scroll, ul->scroll_len); ptr += ul->scroll_len;
data/uwsgi-2.0.19.1/core/legion.c:112:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, uln->scroll, uln->scroll_len); ptr += uln->scroll_len;
data/uwsgi-2.0.19.1/core/legion.c:126:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->name, name, name_len);
data/uwsgi-2.0.19.1/core/legion.c:128:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->uuid, uuid, 36);
data/uwsgi-2.0.19.1/core/legion.c:272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char best_uuid[36];
data/uwsgi-2.0.19.1/core/legion.c:277:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best_uuid, node->uuid, 36);
data/uwsgi-2.0.19.1/core/legion.c:284:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best_uuid, ul->uuid, 36);
data/uwsgi-2.0.19.1/core/legion.c:361:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ul->lord_scroll, ul->scroll, ul->lord_scroll_len);
data/uwsgi-2.0.19.1/core/legion.c:420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char best_uuid[36];
data/uwsgi-2.0.19.1/core/legion.c:422:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best_uuid, ul->uuid, 36);
data/uwsgi-2.0.19.1/core/legion.c:434:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best_uuid, nodes->uuid, 36);
data/uwsgi-2.0.19.1/core/legion.c:440:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best_uuid, nodes->uuid, 36);
data/uwsgi-2.0.19.1/core/legion.c:461:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ul->lord_uuid, best_uuid, 36);
data/uwsgi-2.0.19.1/core/legion.c:468:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ul->lord_scroll, best_node->scroll, ul->lord_scroll_len);
data/uwsgi-2.0.19.1/core/legion.c:619:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->scroll, legion_msg.scroll, node->scroll_len);
data/uwsgi-2.0.19.1/core/legion.c:647:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->lord_uuid, legion_msg.lord_uuid, 36);
data/uwsgi-2.0.19.1/core/legion.c:683:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return uwsgi_signal_send(uwsgi.signal_socket, atoi(arg));
data/uwsgi-2.0.19.1/core/legion.c:925:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ul->quorum = atoi(space+1);
data/uwsgi-2.0.19.1/core/legion.c:1094:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(secret_tmp, secret, s_len);
data/uwsgi-2.0.19.1/core/legion.c:1106:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(secret_tmp, iv, s_iv_len);
data/uwsgi-2.0.19.1/core/legion.c:1243:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, legion->lord_scroll, legion->lord_scroll_len);
data/uwsgi-2.0.19.1/core/legion.c:1256:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, legion->scrolls, legion->scrolls_len);
data/uwsgi-2.0.19.1/core/lock.c:523:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uli->lock_ptr, &semid, sizeof(int));
data/uwsgi-2.0.19.1/core/lock.c:542:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&semid, uli->lock_ptr, sizeof(int));
data/uwsgi-2.0.19.1/core/lock.c:565:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&semid, uli->lock_ptr, sizeof(int));
data/uwsgi-2.0.19.1/core/lock.c:627:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&semid, uli->lock_ptr, sizeof(int));
data/uwsgi-2.0.19.1/core/lock.c:641:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&semid, uli->lock_ptr, sizeof(int));
data/uwsgi-2.0.19.1/core/logging.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logpkt[4096];
data/uwsgi-2.0.19.1/core/logging.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sftime[64];
data/uwsgi-2.0.19.1/core/logging.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctime_storage[26];
data/uwsgi-2.0.19.1/core/logging.c:39:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logpkt, sftime, rlen);
data/uwsgi-2.0.19.1/core/logging.c:40:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logpkt + rlen, " - ", 3);
data/uwsgi-2.0.19.1/core/logging.c:50:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logpkt, ctime_storage, 24);
data/uwsgi-2.0.19.1/core/logging.c:51:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logpkt + 24, " - ", 3);
data/uwsgi-2.0.19.1/core/logging.c:63:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_buf, logpkt, rlen);
data/uwsgi-2.0.19.1/core/logging.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logpkt[4096];
data/uwsgi-2.0.19.1/core/logging.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sftime[64];
data/uwsgi-2.0.19.1/core/logging.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctime_storage[26];
data/uwsgi-2.0.19.1/core/logging.c:91:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logpkt, sftime, rlen);
data/uwsgi-2.0.19.1/core/logging.c:92:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logpkt + rlen, " - ", 3);
data/uwsgi-2.0.19.1/core/logging.c:102:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logpkt, ctime_storage, 24);
data/uwsgi-2.0.19.1/core/logging.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logpkt + 24, " - ", 3);
data/uwsgi-2.0.19.1/core/logging.c:124:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logpkt[4096];
data/uwsgi-2.0.19.1/core/logging.c:127:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctime_storage[26];
data/uwsgi-2.0.19.1/core/logging.c:135:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logpkt, ctime_storage, 24);
data/uwsgi-2.0.19.1/core/logging.c:136:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logpkt + 24, " - ", 3);
data/uwsgi-2.0.19.1/core/logging.c:266:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
udp_addr.sin_port = htons(atoi(udp_port + 1));
data/uwsgi-2.0.19.1/core/logging.c:282:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(logfile, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP);
data/uwsgi-2.0.19.1/core/logging.c:285:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(logfile, O_RDWR | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP);
data/uwsgi-2.0.19.1/core/logging.c:385:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy_of_choosen_logger, choosen_logger, sizeof(struct uwsgi_logger));
data/uwsgi-2.0.19.1/core/logging.c:450:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lv->val, val, vallen);
data/uwsgi-2.0.19.1/core/logging.c:473:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lv->key, key, keylen);
data/uwsgi-2.0.19.1/core/logging.c:475:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lv->val, val, vallen);
data/uwsgi-2.0.19.1/core/logging.c:533:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(logfile, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP);
data/uwsgi-2.0.19.1/core/logging.c:562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024];
data/uwsgi-2.0.19.1/core/logging.c:574:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uwsgi.original_log_fd = open(uwsgi.logfile, O_RDWR | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP);
data/uwsgi-2.0.19.1/core/logging.c:636:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_request[26];
data/uwsgi-2.0.19.1/core/logging.c:642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mempkt[4096];
data/uwsgi-2.0.19.1/core/logging.c:643:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logpkt[4096];
data/uwsgi-2.0.19.1/core/logging.c:750:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
procfile = fopen("/proc/self/stat", "r");
data/uwsgi-2.0.19.1/core/logging.c:764:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
procfile = fopen("/proc/self/stat", "r");
data/uwsgi-2.0.19.1/core/logging.c:776:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
procfd = open("/proc/self/psinfo", O_RDONLY);
data/uwsgi-2.0.19.1/core/logging.c:1609:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ule2, ule, sizeof(struct uwsgi_log_encoder));
data/uwsgi-2.0.19.1/core/logging.c:1638:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ule2, ule, sizeof(struct uwsgi_log_encoder));
data/uwsgi-2.0.19.1/core/logging.c:1831:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sftime[64];
data/uwsgi-2.0.19.1/core/logging.c:1896:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sftime[64];
data/uwsgi-2.0.19.1/core/master.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/core/master.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char udp_client_addr[16];
data/uwsgi-2.0.19.1/core/master.c:275:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/uwsgi-2.0.19.1/core/master.c:584:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_add_timer(atoi(usl->value), atoi(space+1));
data/uwsgi-2.0.19.1/core/master.c:584:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_add_timer(atoi(usl->value), atoi(space+1));
data/uwsgi-2.0.19.1/core/master.c:595:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_signal_add_rb_timer(atoi(usl->value), atoi(space+1), 0);
data/uwsgi-2.0.19.1/core/master.c:595:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_signal_add_rb_timer(atoi(usl->value), atoi(space+1), 0);
data/uwsgi-2.0.19.1/core/master.c:873:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t signum = atoi(touched);
data/uwsgi-2.0.19.1/core/master_events.c:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack_tmp[8];
data/uwsgi-2.0.19.1/core/master_events.c:107:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack_tmp[8];
data/uwsgi-2.0.19.1/core/master_utils.c:1549:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proc_buf[4096];
data/uwsgi-2.0.19.1/core/master_utils.c:1550:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proc_name[64];
data/uwsgi-2.0.19.1/core/master_utils.c:1555:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
proc_file = open(proc_name, O_RDONLY);
data/uwsgi-2.0.19.1/core/master_utils.c:1568:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
proc_file = open(proc_name, O_RDONLY);
data/uwsgi-2.0.19.1/core/master_utils.c:1774:58: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uwsgi.setns_fds[uwsgi.setns_fds_count] = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/core/master_utils.c:1833:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fds[num_fds] = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/core/metrics.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/core/metrics.c:76:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/core/metrics.c:274:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP);
data/uwsgi-2.0.19.1/core/metrics.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/core/metrics.c:731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[4096];
data/uwsgi-2.0.19.1/core/metrics.c:928:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
umt->rate = (int32_t) atoi(m_rate);
data/uwsgi-2.0.19.1/core/mount.c:172:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *procmounts = fopen("/proc/self/mounts", "r");
data/uwsgi-2.0.19.1/core/mount.c:178:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/uwsgi-2.0.19.1/core/mule.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[65536];
data/uwsgi-2.0.19.1/core/mule.c:407:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for (i = 0; i < atoi(value); i++) {
data/uwsgi-2.0.19.1/core/mule.c:463:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
struct uwsgi_mule *um = get_mule_by_id(atoi(p));
data/uwsgi-2.0.19.1/core/notify.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/core/offload.c:136:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uor->fd = open(uor->name, O_RDONLY | O_NONBLOCK);
data/uwsgi-2.0.19.1/core/plugins.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkpath_buf[1024], linkpath[1024];
data/uwsgi-2.0.19.1/core/plugins.c:98:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modifier = atoi(plugin_name);
data/uwsgi-2.0.19.1/core/plugins_builder.c:38:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int dot_h_fd = open(UWSGI_BUILD_DIR "/uwsgi.h", O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
data/uwsgi-2.0.19.1/core/plugins_builder.c:62:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int config_py_fd = open(UWSGI_BUILD_DIR "/uwsgiconfig.py", O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
data/uwsgi-2.0.19.1/core/plugins_builder.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[6];
data/uwsgi-2.0.19.1/core/progress.c:66:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fd = open(upload_progress_filename, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR | S_IRGRP);
data/uwsgi-2.0.19.1/core/progress.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/core/protocol.c:92:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&strsize, ptrbuf, 2);
data/uwsgi-2.0.19.1/core/protocol.c:133:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&strsize, ptrbuf, 2);
data/uwsgi-2.0.19.1/core/protocol.c:151:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&strsize, ptrbuf, 2);
data/uwsgi-2.0.19.1/core/protocol.c:466:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wsgi_req->post_file = fopen(postfile, "r");
data/uwsgi-2.0.19.1/core/protocol.c:634:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&strsize, ptrbuf, 2);
data/uwsgi-2.0.19.1/core/protocol.c:652:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&strsize, ptrbuf, 2);
data/uwsgi-2.0.19.1/core/protocol.c:940:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&keysize, ptrbuf, 2);
data/uwsgi-2.0.19.1/core/protocol.c:959:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&valsize, ptrbuf, 2);
data/uwsgi-2.0.19.1/core/protocol.c:989:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&valsize, ptrbuf, 2);
data/uwsgi-2.0.19.1/core/protocol.c:1076:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsgi_req->proto_parser_buf, wsgi_req->proto_parser_remains_buf, wsgi_req->proto_parser_remains);
data/uwsgi-2.0.19.1/core/protocol.c:1096:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, key, keylen);
data/uwsgi-2.0.19.1/core/protocol.c:1107:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, val, vallen);
data/uwsgi-2.0.19.1/core/protocol.c:1122:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsgi_req->proto_parser_buf, wsgi_req->proto_parser_remains_buf, wsgi_req->proto_parser_remains);
data/uwsgi-2.0.19.1/core/protocol.c:1152:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, "PATH_INFO", keylen);
data/uwsgi-2.0.19.1/core/protocol.c:1163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, wsgi_req->path_info, wsgi_req->path_info_len - (need_slash + index_len));
data/uwsgi-2.0.19.1/core/protocol.c:1168:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, index, index_len);
data/uwsgi-2.0.19.1/core/queue.c:23:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
queue_fd = open(uwsgi.queue_store, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
data/uwsgi-2.0.19.1/core/queue.c:37:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
queue_fd = open(uwsgi.queue_store, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
data/uwsgi-2.0.19.1/core/queue.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, message, size);
data/uwsgi-2.0.19.1/core/queue.c:191:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, message, size);
data/uwsgi-2.0.19.1/core/reader.c:169:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsgi_req->post_readline_buf + wsgi_req->post_readline_watermark, wsgi_req->post_buffering_buf + wsgi_req->post_pos, remains);
data/uwsgi-2.0.19.1/core/reader.c:339:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsgi_req->post_read_buf, wsgi_req->post_readline_buf + wsgi_req->post_readline_pos, avail);
data/uwsgi-2.0.19.1/core/regexp.c:85:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, src + ovector[pos], ovector[pos + 1] - ovector[pos]);
data/uwsgi-2.0.19.1/core/routing.c:431:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ur->if_status = atoi(ur->orig_route);
data/uwsgi-2.0.19.1/core/routing.c:638:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[sizeof(UMAX64_STR)+1];
data/uwsgi-2.0.19.1/core/routing.c:712:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ur->custom = atoi(arg);
data/uwsgi-2.0.19.1/core/routing.c:740:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(UMAX64_STR)+1];
data/uwsgi-2.0.19.1/core/routing.c:761:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(UMAX64_STR)+1];
data/uwsgi-2.0.19.1/core/routing.c:905:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ur->custom = atoi(arg);
data/uwsgi-2.0.19.1/core/routing.c:1032:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ur->custom = atoi(arg);
data/uwsgi-2.0.19.1/core/routing.c:1280:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ur->custom = atoi(arg);
data/uwsgi-2.0.19.1/core/routing.c:1289:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ur->custom = atoi(arg);
data/uwsgi-2.0.19.1/core/routing.c:1698:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipbuf[IP4_LEN+1] = {}, maskbuf[IP4PFX_LEN+1] = {};
data/uwsgi-2.0.19.1/core/routing.c:1721:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipbuf, ub->buf, ub->pos);
data/uwsgi-2.0.19.1/core/routing.c:1722:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(maskbuf, ub2->buf, ub2->pos);
data/uwsgi-2.0.19.1/core/routing.c:1726:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pfxlen = atoi(slash);
data/uwsgi-2.0.19.1/core/routing.c:1750:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipbuf[IP6_LEN+1] = {}, maskbuf[IP6PFX_LEN+1] = {};
data/uwsgi-2.0.19.1/core/routing.c:1773:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipbuf, ub->buf, ub->pos);
data/uwsgi-2.0.19.1/core/routing.c:1774:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(maskbuf, ub2->buf, ub2->pos);
data/uwsgi-2.0.19.1/core/routing.c:1778:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pfxlen = atoi(slash);
data/uwsgi-2.0.19.1/core/rpc.c:37:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(urpc->name, name, strlen(name));
data/uwsgi-2.0.19.1/core/rpc.c:58:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uwsgi.rpc_table[pos], uwsgi.rpc_table, sizeof(struct uwsgi_rpc) * uwsgi.rpc_max);
data/uwsgi-2.0.19.1/core/rpc.c:161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufptr, func, ulen);
data/uwsgi-2.0.19.1/core/rpc.c:168:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufptr, argv[i], ulen);
data/uwsgi-2.0.19.1/core/sendfile.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/core/setup_utils.c:12:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(listen_pid) == (int) getpid()) {
data/uwsgi-2.0.19.1/core/setup_utils.c:15:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int systemd_fds = atoi(listen_fds);
data/uwsgi-2.0.19.1/core/setup_utils.c:42:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_add_socket_from_fd(uwsgi_sock, atoi(upstart_fds));
data/uwsgi-2.0.19.1/core/sharedarea.c:65:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(blob, sa->area + pos, len);
data/uwsgi-2.0.19.1/core/sharedarea.c:76:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sa->area + pos, blob, len);
data/uwsgi-2.0.19.1/core/sharedarea.c:365:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pages = atoi(s_pages);
data/uwsgi-2.0.19.1/core/sharedarea.c:373:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(s_file, O_RDWR|O_SYNC);
data/uwsgi-2.0.19.1/core/sharedarea.c:380:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fd = atoi(s_fd);
data/uwsgi-2.0.19.1/core/sharedarea.c:417:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_sharedarea_init(atoi(usl->value));
data/uwsgi-2.0.19.1/core/signal.c:145:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uwsgi.shared->signal_table[pos], &uwsgi.shared->signal_table[0], sizeof(struct uwsgi_signal_entry) * 256);
data/uwsgi-2.0.19.1/core/signal.c:167:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ushared->files_monitored[ushared->files_monitored_cnt].filename, filename, strlen(filename));
data/uwsgi-2.0.19.1/core/signal.c:348:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(use->receiver + 6);
data/uwsgi-2.0.19.1/core/signal.c:375:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(use->receiver + 4);
data/uwsgi-2.0.19.1/core/signal.c:402:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(use->receiver + 4);
data/uwsgi-2.0.19.1/core/snmp.c:417:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi.shared->snmp_community, uwsgi.snmp_community, 72);
data/uwsgi-2.0.19.1/core/snmp.c:420:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi.shared->snmp_community, uwsgi.snmp_community, strlen(uwsgi.snmp_community) + 1);
data/uwsgi-2.0.19.1/core/socket.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char computed_port[6];
data/uwsgi-2.0.19.1/core/socket.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv4a[INET_ADDRSTRLEN + 1];
data/uwsgi-2.0.19.1/core/socket.c:147:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uws_addr->sun_path, socket_name, UMIN(strlen(socket_name), 102));
data/uwsgi-2.0.19.1/core/socket.c:208:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uws_addr->sun_path + abstract_socket, socket_name + 1, UMIN(strlen(socket_name + 1), 101));
data/uwsgi-2.0.19.1/core/socket.c:212:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uws_addr->sun_path + abstract_socket, socket_name + 2, UMIN(strlen(socket_name + 2), 101));
data/uwsgi-2.0.19.1/core/socket.c:217:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uws_addr->sun_path + 1, socket_name, UMIN(strlen(socket_name), 101));
data/uwsgi-2.0.19.1/core/socket.c:221:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uws_addr->sun_path + abstract_socket, socket_name, UMIN(strlen(socket_name), 102));
data/uwsgi-2.0.19.1/core/socket.c:282:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uws_addr.sin_port = htons(atoi(udp_port + 1));
data/uwsgi-2.0.19.1/core/socket.c:285:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quad[4];
data/uwsgi-2.0.19.1/core/socket.c:289:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(quad, socket_name, first_part - socket_name);
data/uwsgi-2.0.19.1/core/socket.c:290:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(quad) >= 224 && atoi(quad) <= 239) {
data/uwsgi-2.0.19.1/core/socket.c:290:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(quad) >= 224 && atoi(quad) <= 239) {
data/uwsgi-2.0.19.1/core/socket.c:361:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return connect_to_tcp(socket_name, atoi(tcp_port), timeout, async);
data/uwsgi-2.0.19.1/core/socket.c:388:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fd = connect_to_udp(zeroed_socket_name, atoi(udp_port));
data/uwsgi-2.0.19.1/core/socket.c:406:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uws_addr.sun_path + 1, socket_name + 1, UMIN(strlen(socket_name + 1), 101));
data/uwsgi-2.0.19.1/core/socket.c:410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uws_addr.sun_path + 1, socket_name + 2, UMIN(strlen(socket_name + 2), 101));
data/uwsgi-2.0.19.1/core/socket.c:413:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uws_addr.sun_path, socket_name, UMIN(strlen(socket_name), 102));
data/uwsgi-2.0.19.1/core/socket.c:564:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_addr[16];
data/uwsgi-2.0.19.1/core/socket.c:610:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sun_addr->sun_path + 1, socket_name + 1, UMIN(len - 1, 101));
data/uwsgi-2.0.19.1/core/socket.c:614:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sun_addr->sun_path + 1, socket_name + 2, UMIN(len - 2, 101));
data/uwsgi-2.0.19.1/core/socket.c:618:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sun_addr->sun_path, socket_name, UMIN(len, 102));
data/uwsgi-2.0.19.1/core/socket.c:631:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin_addr->sin_port = htons(atoi(port + 1));
data/uwsgi-2.0.19.1/core/socket.c:749:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(afa.af_name, "dataready");
data/uwsgi-2.0.19.1/core/socket.c:1013:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int shared_socket = atoi(uwsgi_sock->name + 1);
data/uwsgi-2.0.19.1/core/socket.c:1028:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi_add_socket_from_fd(uwsgi_sock, atoi(name + 5));
data/uwsgi-2.0.19.1/core/socket.c:1110:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(uwsgi_sock->name + 5) == fd) {
data/uwsgi-2.0.19.1/core/socket.c:1127:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char computed_port[6];
data/uwsgi-2.0.19.1/core/socket.c:1129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv4a[INET_ADDRSTRLEN + 1];
data/uwsgi-2.0.19.1/core/socket.c:1168:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(uwsgi_sock->name + 5) == fd) {
data/uwsgi-2.0.19.1/core/socket.c:1194:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char computed_port[6];
data/uwsgi-2.0.19.1/core/socket.c:1196:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv6a[INET6_ADDRSTRLEN + 1];
data/uwsgi-2.0.19.1/core/socket.c:1228:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(uwsgi_sock->name + 5) == fd) {
data/uwsgi-2.0.19.1/core/socket.c:1505:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zerg_fd_ptr, &uwsgi_sock->fd, sizeof(int));
data/uwsgi-2.0.19.1/core/socket.c:1516:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zerg_fd_ptr, sockets, sizeof(int) * num_sockets);
data/uwsgi-2.0.19.1/core/socket.c:1538:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin_addr->sin6_port = htons(atoi(port + 1));
data/uwsgi-2.0.19.1/core/socket.c:1679:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w = atoi(p);
data/uwsgi-2.0.19.1/core/socket.c:1818:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/null", O_RDONLY);
data/uwsgi-2.0.19.1/core/spooler.c:284:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
data/uwsgi-2.0.19.1/core/spooler.c:412:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nullfd = open("/dev/null", O_RDONLY);
data/uwsgi-2.0.19.1/core/spooler.c:578:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spool_buf[0xffff];
data/uwsgi-2.0.19.1/core/spooler.c:619:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
spool_fd = open(task, O_RDWR);
data/uwsgi-2.0.19.1/core/ssl.c:38:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/uwsgi-2.0.19.1/core/ssl.c:53:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char session_blob[4096];
data/uwsgi-2.0.19.1/core/ssl.c:190:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, S_IRUSR);
data/uwsgi-2.0.19.1/core/ssl.c:429:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ssloptions |= atoi(usl->value);
data/uwsgi-2.0.19.1/core/ssl.c:461:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *kf = fopen(keyfile, "r");
data/uwsgi-2.0.19.1/core/static.c:52:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename + *filename_len, ".br\0", 4);
data/uwsgi-2.0.19.1/core/static.c:60:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename + *filename_len, ".gz\0", 4);
data/uwsgi-2.0.19.1/core/static.c:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expires[31];
data/uwsgi-2.0.19.1/core/static.c:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expires[31];
data/uwsgi-2.0.19.1/core/static.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expires[31];
data/uwsgi-2.0.19.1/core/static.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expires[31];
data/uwsgi-2.0.19.1/core/static.c:403:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dir + len, file, file_len);
data/uwsgi-2.0.19.1/core/static.c:409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dir + len + 1, file, file_len);
data/uwsgi-2.0.19.1/core/static.c:459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char http_last_modified[49];
data/uwsgi-2.0.19.1/core/static.c:565:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(real_filename, O_RDONLY);
data/uwsgi-2.0.19.1/core/static.c:579:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_filename[PATH_MAX + 1];
data/uwsgi-2.0.19.1/core/static.c:604:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(real_filename, item, item_len);
data/uwsgi-2.0.19.1/core/stats.c:450:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/core/stats.c:576:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, uc->buffer+4, uwsgi.buffer_size);
data/uwsgi-2.0.19.1/core/strings.c:176:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + len, item, tlen);
data/uwsgi-2.0.19.1/core/strings.c:196:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, one, strlen(one));
data/uwsgi-2.0.19.1/core/strings.c:197:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + strlen(one), two, strlen(two));
data/uwsgi-2.0.19.1/core/strings.c:212:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, one, strlen(one));
data/uwsgi-2.0.19.1/core/strings.c:213:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + strlen(one), two, strlen(two));
data/uwsgi-2.0.19.1/core/strings.c:214:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + strlen(one) + strlen(two), three, strlen(three));
data/uwsgi-2.0.19.1/core/strings.c:215:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + strlen(one) + strlen(two) + strlen(three), four, strlen(four));
data/uwsgi-2.0.19.1/core/strings.c:231:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, one, strlen(one));
data/uwsgi-2.0.19.1/core/strings.c:232:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + strlen(one), two, strlen(two));
data/uwsgi-2.0.19.1/core/strings.c:233:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + strlen(one) + strlen(two), three, strlen(three));
data/uwsgi-2.0.19.1/core/strings.c:248:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, one, s1);
data/uwsgi-2.0.19.1/core/strings.c:249:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + s1, two, s2);
data/uwsgi-2.0.19.1/core/strings.c:264:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, one, s1);
data/uwsgi-2.0.19.1/core/strings.c:265:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + s1, two, s2);
data/uwsgi-2.0.19.1/core/strings.c:281:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, one, s1);
data/uwsgi-2.0.19.1/core/strings.c:282:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + s1, two, s2);
data/uwsgi-2.0.19.1/core/strings.c:283:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + s1 + s2, three, s3);
data/uwsgi-2.0.19.1/core/strings.c:298:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, one, s1);
data/uwsgi-2.0.19.1/core/strings.c:299:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + s1, two, s2);
data/uwsgi-2.0.19.1/core/strings.c:300:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + s1 + s2, three, s3);
data/uwsgi-2.0.19.1/core/strings.c:301:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + s1 + s2 + s3, four, s4);
data/uwsgi-2.0.19.1/core/strings.c:341:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + len, item, strlen(item));
data/uwsgi-2.0.19.1/core/strings.c:359:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s, len);
data/uwsgi-2.0.19.1/core/subscription.c:480:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->notify, usr->notify, usr->notify_len);
data/uwsgi-2.0.19.1/core/subscription.c:485:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->name, usr->address, usr->address_len);
data/uwsgi-2.0.19.1/core/subscription.c:493:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/uwsgi-2.0.19.1/core/subscription.c:513:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_slot->key, usr->key, usr->keylen);
data/uwsgi-2.0.19.1/core/subscription.c:551:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_slot->nodes->notify, usr->notify, usr->notify_len);
data/uwsgi-2.0.19.1/core/subscription.c:554:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_slot->nodes->name, usr->address, usr->address_len);
data/uwsgi-2.0.19.1/core/subscription.c:582:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/uwsgi-2.0.19.1/core/subscription.c:645:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
udp_addr.sin_port = htons(atoi(udp_port + 1));
data/uwsgi-2.0.19.1/core/subscription.c:684:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modifier1 = atoi(uwsgi.subscribe_with_modifier1);
data/uwsgi-2.0.19.1/core/subscription.c:783:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usl->custom = atoi(usl->value);
data/uwsgi-2.0.19.1/core/subscription.c:803:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *kf = fopen(keyfile, "r");
data/uwsgi-2.0.19.1/core/subscription.c:898:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
struct uwsgi_socket *us = uwsgi_get_shared_socket_by_num(atoi(socket_name + 1));
data/uwsgi-2.0.19.1/core/subscription.c:1035:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi.weight = atoi(s2_weight);
data/uwsgi-2.0.19.1/core/subscription.c:1039:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
struct uwsgi_socket *us = uwsgi_get_socket_by_num(atoi(s2_socket));
data/uwsgi-2.0.19.1/core/subscription.c:1052:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modifier1 = atoi(s2_modifier1);
data/uwsgi-2.0.19.1/core/subscription.c:1056:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modifier2 = atoi(s2_modifier2);
data/uwsgi-2.0.19.1/core/utils.c:232:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cgroup = fopen(cgroup_taskfile, "w");
data/uwsgi-2.0.19.1/core/utils.c:260:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cgroup = fopen(cgroup_taskfile, "w");
data/uwsgi-2.0.19.1/core/utils.c:805:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&semid, uli->lock_ptr, sizeof(int));
data/uwsgi-2.0.19.1/core/utils.c:867:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ags_list[g_pos] = atoi(usl->value);
data/uwsgi-2.0.19.1/core/utils.c:1249:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/proc/self/maps", O_RDONLY);
data/uwsgi-2.0.19.1/core/utils.c:1322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/uwsgi-2.0.19.1/core/utils.c:1324:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/core/utils.c:1744:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_ptr, ptr, p - ptr);
data/uwsgi-2.0.19.1/core/utils.c:1746:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_ptr, with, with_len);
data/uwsgi-2.0.19.1/core/utils.c:1988:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(p) == num) {
data/uwsgi-2.0.19.1/core/utils.c:2409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/uwsgi-2.0.19.1/core/utils.c:2421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/uwsgi-2.0.19.1/core/utils.c:2499:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/uwsgi-2.0.19.1/core/utils.c:2550:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int in_fd = open("/dev/null", O_RDONLY);
data/uwsgi-2.0.19.1/core/utils.c:2630:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_uid = atoi(owner);
data/uwsgi-2.0.19.1/core/utils.c:2644:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_gid = atoi(colon + 1);
data/uwsgi-2.0.19.1/core/utils.c:3009:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cap_id = atoi(p);
data/uwsgi-2.0.19.1/core/utils.c:3262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2];
data/uwsgi-2.0.19.1/core/utils.c:3457:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uwsgi.workers[i].apps[id], &uwsgi.workers[0].apps[id], sizeof(struct uwsgi_app));
data/uwsgi-2.0.19.1/core/utils.c:3562:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(tmpdir, O_TMPFILE | O_RDWR, S_IRUSR | S_IWUSR);
data/uwsgi-2.0.19.1/core/utils.c:3569:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(template);
data/uwsgi-2.0.19.1/core/utils.c:3584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/uwsgi-2.0.19.1/core/utils.c:3586:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fh = fopen(filename, "r");
data/uwsgi-2.0.19.1/core/utils.c:3615:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uwsgi.workers[i].apps[id], &uwsgi.workers[0].apps[id], sizeof(struct uwsgi_app));
data/uwsgi-2.0.19.1/core/utils.c:3622:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pidfile = fopen(filename, "w");
data/uwsgi-2.0.19.1/core/utils.c:3674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/core/utils.c:3730:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/core/utils.c:3967:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/core/utils.c:4055:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/urandom", O_RDONLY);
data/uwsgi-2.0.19.1/core/utils.c:4247:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, "HTTP_", 5);
data/uwsgi-2.0.19.1/core/utils.c:4293:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, uwsgi_hex_table[pos], 2);
data/uwsgi-2.0.19.1/core/uwsgi.c:1074:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(minimal_name, fullname, strlen(fullname));
data/uwsgi-2.0.19.1/core/uwsgi.c:1505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctime_storage[26];
data/uwsgi-2.0.19.1/core/uwsgi.c:1694:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kill((pid_t) atoi(buffer), sig)) {
data/uwsgi-2.0.19.1/core/uwsgi.c:1717:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp_signal = atoi(colon + 1);
data/uwsgi-2.0.19.1/core/uwsgi.c:3353:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *w_argv[2];
data/uwsgi-2.0.19.1/core/uwsgi.c:3410:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *w_argv[2];
data/uwsgi-2.0.19.1/core/uwsgi.c:3526:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rm_src = atoi(map);
data/uwsgi-2.0.19.1/core/uwsgi.c:3527:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rm_dst = atoi(colon + 1);
data/uwsgi-2.0.19.1/core/uwsgi.c:3676:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uwsgi.options[pos], op, sizeof(struct uwsgi_option));
data/uwsgi-2.0.19.1/core/uwsgi.c:3684:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uwsgi.options[pos], uwsgi.p[i]->options, sizeof(struct uwsgi_option) * c);
data/uwsgi-2.0.19.1/core/uwsgi.c:3692:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uwsgi.options[pos], uwsgi.gp[i]->options, sizeof(struct uwsgi_option) * c);
data/uwsgi-2.0.19.1/core/uwsgi.c:3744:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(uwsgi.short_options, "::");
data/uwsgi-2.0.19.1/core/uwsgi.c:3950:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (is_a_number(value)) gid = atoi(value);
data/uwsgi-2.0.19.1/core/uwsgi.c:3980:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (is_a_number(value)) uid = atoi(value);
data/uwsgi-2.0.19.1/core/uwsgi.c:4003:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fd = atoi(value);
data/uwsgi-2.0.19.1/core/uwsgi.c:4014:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*ptr = atoi((char *) value);
data/uwsgi-2.0.19.1/core/uwsgi.c:4028:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (is_a_number(value)) uid = atoi(value);
data/uwsgi-2.0.19.1/core/uwsgi.c:4047:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (is_a_number(value)) gid = atoi(value);
data/uwsgi-2.0.19.1/core/uwsgi.c:4067:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*ptr = atoi((char *) value);
data/uwsgi-2.0.19.1/core/uwsgi.c:4334:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
exit_code = atoi(value);
data/uwsgi-2.0.19.1/core/uwsgi.c:4348:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (is_a_number(value)) uwsgi.uid = atoi(value);
data/uwsgi-2.0.19.1/core/uwsgi.c:4354:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (is_a_number(value)) uwsgi.gid = atoi(value);
data/uwsgi-2.0.19.1/core/uwsgi.c:4557:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uwsgi.zerg[pos], zerg, (sizeof(int) * count + 1));
data/uwsgi-2.0.19.1/core/uwsgi.c:4633:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uwsgi.max_vars = atoi(value);
data/uwsgi-2.0.19.1/core/uwsgi.c:4784:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDWR);
data/uwsgi-2.0.19.1/core/uwsgi.c:4798:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDWR);
data/uwsgi-2.0.19.1/core/uwsgi.c:4914:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/core/websockets.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sha1[20];
data/uwsgi-2.0.19.1/core/writer.c:6:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(UMAX64_STR)+1];
data/uwsgi-2.0.19.1/core/writer.c:17:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expires[31];
data/uwsgi-2.0.19.1/core/writer.c:28:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[31];
data/uwsgi-2.0.19.1/core/writer.c:39:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lm[31];
data/uwsgi-2.0.19.1/core/writer.c:49:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[6+(sizeof(UMAX64_STR)*3)+4];
data/uwsgi-2.0.19.1/core/writer.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_str[11];
data/uwsgi-2.0.19.1/core/xmlconf.c:184:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (strcmp((char *) xml_id, attrs[1]))
data/uwsgi-2.0.19.1/core/zlib.c:3:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gzheader[10] = { 0x1f, 0x8b, Z_DEFLATED, 0, 0, 0, 0, 0, 0, 3 };
data/uwsgi-2.0.19.1/core/zlib.c:54:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[8192];
data/uwsgi-2.0.19.1/lib/linux_ns.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[PTHREAD_STACK_MIN];
data/uwsgi-2.0.19.1/lib/linux_ns.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/uwsgi-2.0.19.1/lib/linux_ns.c:236:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
procmounts = fopen("/proc/self/mounts", "r");
data/uwsgi-2.0.19.1/lib/netlink.c:141:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), &ia.s_addr, 4);
data/uwsgi-2.0.19.1/lib/netlink.c:147:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), &oa.s_addr, 4);
data/uwsgi-2.0.19.1/lib/netlink.c:153:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), &ga.s_addr, 4);
data/uwsgi-2.0.19.1/lib/netlink.c:182:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), &ia.s_addr, 4);
data/uwsgi-2.0.19.1/lib/netlink.c:188:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), &zero, 4);
data/uwsgi-2.0.19.1/lib/netlink.c:194:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), &index, sizeof(int));
data/uwsgi-2.0.19.1/lib/netlink.c:223:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), &ia, sizeof(struct in_addr));
data/uwsgi-2.0.19.1/lib/netlink.c:229:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), &ia, sizeof(struct in_addr));
data/uwsgi-2.0.19.1/lib/netlink.c:249:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), &pid, sizeof(pid_t));
data/uwsgi-2.0.19.1/lib/netlink.c:305:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), "veth", 4);
data/uwsgi-2.0.19.1/lib/netlink.c:326:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), veth1, strlen(veth1));
data/uwsgi-2.0.19.1/lib/netlink.c:337:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), veth0, strlen(veth0));
data/uwsgi-2.0.19.1/plugins/airbrake/airbrake_plugin.c:25:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curl_easy_setopt(curl, option, atoi(arg));
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:50:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curl_easy_setopt(curl, option, atoi(arg));
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:121:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, uac->hdr + uac->pos, uac->hlen - uac->pos);
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:126:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, uac->hdr + uac->pos, remains);
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, uac->body + uac->pos - uac->hlen, uac->blen + uac->hlen - uac->pos);
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:139:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, uac->body + uac->pos - uac->hlen, remains);
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:160:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, "To: ", 4); addr += 4;
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:161:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, uacc->to, strlen(uacc->to)); addr += strlen(uacc->to);
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:167:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, "Subject: ", 9); addr += 9;
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:168:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, uacc->subject, strlen(uacc->subject)); addr += strlen(uacc->subject);
data/uwsgi-2.0.19.1/plugins/cache/cache.c:200:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/uwsgi-2.0.19.1/plugins/carbon/carbon.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptr[4096];
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:431:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, part, part_size-1);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:463:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, part, part_size-1);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:476:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_path[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:517:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_path, docroot, docroot_len);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:539:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_path, tmp_path, full_path_len+1);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:586:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_path+full_path_len, ci->value, ci->len + 1);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:789:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fd = atoi(dent->d_name);
data/uwsgi-2.0.19.1/plugins/cheaper_busyness/cheaper_busyness.c:401:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/plugins/cheaper_busyness/cheaper_busyness.c:402:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[4096];
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:148:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ucr->socket_num = atoi(value);
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:232:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ucr->code_string_modifier1 = atoi(cs);
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:616:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cs->client_sockaddr, cr_addr, cr_addr_len);
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:621:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->client_address, "0.0.0.0", 7);
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:631:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->client_address, "0.0.0.0", 7);
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:639:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->client_address, "0.0.0.0", 7);
data/uwsgi-2.0.19.1/plugins/corerouter/cr.h:183:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[0xff];
data/uwsgi-2.0.19.1/plugins/corerouter/cr.h:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *magic_table[256];
data/uwsgi-2.0.19.1/plugins/corerouter/cr.h:319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_address[INET6_ADDRSTRLEN];
data/uwsgi-2.0.19.1/plugins/corerouter/cr.h:321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_address[INET_ADDRSTRLEN];
data/uwsgi-2.0.19.1/plugins/corerouter/cr.h:325:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_port[11];
data/uwsgi-2.0.19.1/plugins/corerouter/cr_common.c:20:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int shared_socket = atoi(ugs->name + 1);
data/uwsgi-2.0.19.1/plugins/corerouter/cr_common.c:32:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fd_socket = atoi(ugs->name + 5);
data/uwsgi-2.0.19.1/plugins/corerouter/cr_common.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bbuf[4096];
data/uwsgi-2.0.19.1/plugins/corerouter/cr_common.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bbuf[4096];
data/uwsgi-2.0.19.1/plugins/coroae/coroae.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:44:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_short, ptr, 2);
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:57:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_long, ptr, 4);
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullbody+current_size, message, fh.size);
data/uwsgi-2.0.19.1/plugins/fastrouter/fastrouter.c:74:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, val, vallen);
data/uwsgi-2.0.19.1/plugins/fastrouter/fastrouter.c:82:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, val, vallen);
data/uwsgi-2.0.19.1/plugins/fastrouter/fastrouter.c:91:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, val, vallen);
data/uwsgi-2.0.19.1/plugins/fastrouter/fastrouter.c:270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32768];
data/uwsgi-2.0.19.1/plugins/forkptyrouter/forkptyrouter.c:246:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/uwsgi-2.0.19.1/plugins/forkptyrouter/forkptyrouter.c:254:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/uwsgi-2.0.19.1/plugins/forkptyrouter/forkptyrouter.c:261:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/uwsgi-2.0.19.1/plugins/gccgo/gccgo_plugin.c:142:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, rlen);
data/uwsgi-2.0.19.1/plugins/gccgo/gccgo_plugin.c:208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2] = {0,0};
data/uwsgi-2.0.19.1/plugins/geoip/geoip.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_str[16];
data/uwsgi-2.0.19.1/plugins/geoip/geoip.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lonlat[64];
data/uwsgi-2.0.19.1/plugins/geoip/geoip.c:47:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ip_str, wsgi_req->remote_addr, wsgi_req->remote_addr_len);
data/uwsgi-2.0.19.1/plugins/glusterfs/glusterfs.c:30:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/plugins/glusterfs/glusterfs.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/plugins/glusterfs/glusterfs.c:100:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (glfs_set_volfile_server((glfs_t *)ua->interpreter, "tcp", node, atoi(colon+1))) {
data/uwsgi-2.0.19.1/plugins/glusterfs/glusterfs.c:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX+1];
data/uwsgi-2.0.19.1/plugins/glusterfs/glusterfs.c:244:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename, wsgi_req->path_info, wsgi_req->path_info_len);
data/uwsgi-2.0.19.1/plugins/graylog2/graylog2_plugin.c:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char json_buf[MAX_GELF];
data/uwsgi-2.0.19.1/plugins/graylog2/graylog2_plugin.c:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char escaped_buf[MAX_GELF];
data/uwsgi-2.0.19.1/plugins/gridfs/gridfs.cc:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char http_last_modified[49];
data/uwsgi-2.0.19.1/plugins/gridfs/gridfs.cc:174:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ugm->timeout = atoi(ugm->timeout_str);
data/uwsgi-2.0.19.1/plugins/http/common.h:131:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stud_prefix[17];
data/uwsgi-2.0.19.1/plugins/http/http.c:146:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, val, vallen);
data/uwsgi-2.0.19.1/plugins/http/http.c:176:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, val, vallen);
data/uwsgi-2.0.19.1/plugins/http/http.c:356:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, uwsgi.hostname, uwsgi.hostname_len);
data/uwsgi-2.0.19.1/plugins/http/http.c:474:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, hr->path_info + 7, peer->key_len);
data/uwsgi-2.0.19.1/plugins/http/http.c:959:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&main_peer->session->client_sockaddr.sa_in.sin_addr, hr->stud_prefix + 1, 4);
data/uwsgi-2.0.19.1/plugins/http/https.c:185:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, servername, peer->key_len) ;
data/uwsgi-2.0.19.1/plugins/http/keepalive.c:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gzheader[10] = { 0x1f, 0x8b, Z_DEFLATED, 0, 0, 0, 0, 0, 0, 3 };
data/uwsgi-2.0.19.1/plugins/http/spdy3.c:116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf2, "HTTP_", 5);
data/uwsgi-2.0.19.1/plugins/http/spdy3.c:560:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_peer->key, new_peer->out->buf + (new_peer->out->pos - v_len), v_len);
data/uwsgi-2.0.19.1/plugins/jvm/jvm_plugin.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[256];
data/uwsgi-2.0.19.1/plugins/jvm/jvm_plugin.c:213:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, chunk, rlen);
data/uwsgi-2.0.19.1/plugins/jvm/jvm_plugin.c:232:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, chunk, rlen);
data/uwsgi-2.0.19.1/plugins/jvm/jvm_plugin.c:375:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(c_filename, O_RDONLY);
data/uwsgi-2.0.19.1/plugins/jvm/jvm_plugin.c:611:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dbuf, buf, len);
data/uwsgi-2.0.19.1/plugins/jvm/jvm_plugin.c:1300:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buffer, b, rlen);
data/uwsgi-2.0.19.1/plugins/jwsgi/jwsgi_plugin.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_str[11];
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char names[1024];
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:83:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dst, " 'uWSGI");
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ldap_name[1024];
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:350:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi_val, bervalues[0]->bv_val, bervalues[0]->bv_len);
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:618:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ulc->loglevel = atoi(loglevel);
data/uwsgi-2.0.19.1/plugins/libffi/libffi.c:14:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*num = atoi(what);
data/uwsgi-2.0.19.1/plugins/libffi/libffi.c:48:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **ptr = (char **) values[i];
data/uwsgi-2.0.19.1/plugins/logcrypto/logcrypto.c:52:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(secret_tmp, uclc->secret, s_len);
data/uwsgi-2.0.19.1/plugins/logcrypto/logcrypto.c:64:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(secret_tmp, uclc->iv, s_iv_len);
data/uwsgi-2.0.19.1/plugins/logfile/logfile.c:47:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ul->fd = open(logfile, O_RDWR | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP);
data/uwsgi-2.0.19.1/plugins/logfile/logfile.c:76:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ul->arg) ul->fd = atoi(ul->arg);
data/uwsgi-2.0.19.1/plugins/logzmq/plugin.c:40:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zmq_msg_data(&msg), message, len);
data/uwsgi-2.0.19.1/plugins/lua/lua_plugin.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[1024];
data/uwsgi-2.0.19.1/plugins/lua/lua_plugin.c:990:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buffer, sv, sl);
data/uwsgi-2.0.19.1/plugins/matheval/math.c:15:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, wsgi_req->hvec[i-1].iov_base, wsgi_req->hvec[i-1].iov_len);
data/uwsgi-2.0.19.1/plugins/matheval/math.c:20:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, wsgi_req->hvec[i].iov_base, wsgi_req->hvec[i].iov_len);
data/uwsgi-2.0.19.1/plugins/matheval/math.c:28:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, key, keylen); ptr += keylen;
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:72:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wsgi_req->post_file = fopen(json_val, "r");
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:131:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wsgi_req->post_cl = atoi(json_val);
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:237:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wsgi_req->post_file = fopen(post_filename, "r");
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:312:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, wsgi_req->proto_parser_buf + wsgi_req->proto_parser_buf_size + wsgi_req->proto_parser_status, len);
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:429:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsgi_req->proto_parser_buf, req_uuid, req_uuid_len);
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) wsgi_req->proto_parser_buf + req_uuid_len + 1 + resp_id_len + 1, req_id, req_id_len);
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:436:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) wsgi_req->proto_parser_buf + req_uuid_len + 1 + resp_id_len + 1 + req_id_len, ", ", 2);
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:455:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsgi_req->proto_parser_buf + wsgi_req->proto_parser_buf_size, message_ptr, wsgi_req->post_cl);
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:489:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zmq_body, wsgi_req->proto_parser_buf, wsgi_req->proto_parser_pos);
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:491:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zmq_body + wsgi_req->proto_parser_pos, buf, len);
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_code[4];
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:202:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(mono_string_to_utf8(filename), O_RDONLY);
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:237:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, chunk, rlen);
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:275:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, value, vallen);
data/uwsgi-2.0.19.1/plugins/msgpack/msgpack.c:328:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sftime[64];
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status[4];
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:151:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, buf, rlen);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:208:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path_translated, wsgi_req->file, wsgi_req->file_len);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:209:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path_translated + wsgi_req->file_len, wsgi_req->path_info, wsgi_req->path_info_len);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:238:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi_sapi_module.ini_entries + uphp.ini_size, file_content, file_size);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:246:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi_sapi_module.ini_entries + uphp.ini_size, opt, strlen(opt));
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[256];
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:583:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[path_len];
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:584:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, filename, path_len);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:745:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, part, part_size-1);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:775:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, part, part_size-1);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:790:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_filename[PATH_MAX+1];
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:855:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(qs, uphp.app_qs, app_qs_len);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:856:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(qs+app_qs_len, wsgi_req->path_info, wsgi_req->path_info_len);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:860:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr+1, wsgi_req->query_string, wsgi_req->query_string_len);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:899:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_qs, uphp.fallback_qs, fqs_len);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:901:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_qs + fqs_len + 1, orig_path_info, orig_path_info_len);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:904:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_qs + fqs_len + 2 + orig_path_info_len,
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:984:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(real_filename+real_filename_len, upi->value, upi->len + 1);
data/uwsgi-2.0.19.1/plugins/php/session.c:28:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_val, value, valsize);
data/uwsgi-2.0.19.1/plugins/psgi/psgi.h:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *embedding[3];
data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c:135:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buf, orig, orig_len);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buf + offset, buf, rlen);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c:162:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buf + orig_offset, orig, orig_len);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c:164:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buf + offset, buf, rlen);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_plugin.c:901:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buffer, value, rlen);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_response.c:137:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(SvPV_nolen(p), O_RDONLY);
data/uwsgi-2.0.19.1/plugins/psgi/uwsgi_plmodule.c:353:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[256];
data/uwsgi-2.0.19.1/plugins/psgi/uwsgi_plmodule.c:386:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[256];
data/uwsgi-2.0.19.1/plugins/pty/pty.c:132:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/plugins/pty/pty.c:264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uwsgi_pkt[8];
data/uwsgi-2.0.19.1/plugins/pty/pty.c:320:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/plugins/python/pump_subhandler.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sc[4];
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char venv_version[15];
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:446:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pyfile = fopen(filename, "r");
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:462:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pyfile = fopen(real_filename, "r");
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:1648:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buffer, rv, rl);
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:1780:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi.p[30], uwsgi.p[0], sizeof(struct uwsgi_plugin) );
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:1793:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pyfile = fopen(up.pyrun, "r");
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:1897:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:1980:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pyfile = fopen(up.worker_override, "r");
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:178:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufptr, PyString_AsString(key), keysize);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:183:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufptr, PyString_AsString(val), valsize);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:300:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[256];
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[256];
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:643:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:787:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:798:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:865:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi.shared->warning_message, message, 80);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:869:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi.shared->warning_message, message, len);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1361:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[65536];
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1897:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(abs_path, uspool->dir, strlen(uspool->dir));
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1898:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(abs_path + strlen(uspool->dir), "/", 1);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1899:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(abs_path + strlen(uspool->dir) + 1, dp->d_name, strlen(dp->d_name));
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:2072:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spool_buf[0xffff];
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:2097:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
spool_fd = open(task_path, O_RDWR);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:2449:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:2487:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&strsize, ptrbuf, 2);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:2505:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&strsize, ptrbuf, 2);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:3035:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(storage, message, size);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:3071:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(storage, message, size);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:3112:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(storage, message, size);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:3165:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(storage, message, size);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:3188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(queue_items[item_pos], message, size);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:3870:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi.shared->snmp_community, snmp_community, 72);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:3873:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi.shared->snmp_community, snmp_community, strlen(snmp_community) + 1);
data/uwsgi-2.0.19.1/plugins/rack/rack_api.c:100:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi.shared->warning_message, message, 80);
data/uwsgi-2.0.19.1/plugins/rack/rack_api.c:104:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwsgi.shared->warning_message, message, len);
data/uwsgi-2.0.19.1/plugins/rack/rack_api.c:810:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[256];
data/uwsgi-2.0.19.1/plugins/rack/rack_plugin.c:348:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buffer, rv, rl);
data/uwsgi-2.0.19.1/plugins/rack/rack_plugin.c:959:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(RSTRING_PTR(sendfile_path), O_RDONLY);
data/uwsgi-2.0.19.1/plugins/rados/rados.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/plugins/rados/rados.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/uwsgi-2.0.19.1/plugins/rados/rados.c:338:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
urmp->timeout = atoi(urmp->str_timeout);
data/uwsgi-2.0.19.1/plugins/rados/rados.c:401:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fsid[37];
data/uwsgi-2.0.19.1/plugins/rados/rados.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX+1];
data/uwsgi-2.0.19.1/plugins/rados/rados.c:482:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename, wsgi_req->path_info+ua->mountpoint_len, wsgi_req->path_info_len-ua->mountpoint_len);
data/uwsgi-2.0.19.1/plugins/rados/rados.c:486:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename, wsgi_req->path_info, wsgi_req->path_info_len);
data/uwsgi-2.0.19.1/plugins/rawrouter/rawrouter.c:248:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, cs->ugs->name, cs->ugs->name_len);
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgsize[11];
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response[8];
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setup_buf[4096];
data/uwsgi-2.0.19.1/plugins/ring/ring_plugin.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_str[11];
data/uwsgi-2.0.19.1/plugins/router_basicauth/router_basicauth.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sha1[20];
data/uwsgi-2.0.19.1/plugins/router_basicauth/router_basicauth.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/uwsgi-2.0.19.1/plugins/router_basicauth/router_basicauth.c:44:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *htpasswd = fopen(filename, "r");
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:360:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
urcc->status = atoi(urcc->status_str);
data/uwsgi-2.0.19.1/plugins/router_expires/expires.c:66:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
expires += atoi(ub->buf);
data/uwsgi-2.0.19.1/plugins/router_expires/expires.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expires_str[7 + 2 + 31];
data/uwsgi-2.0.19.1/plugins/router_expires/expires.c:74:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expires_str, "Expires: ", 9);
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MEMCACHED_BUFSIZE];
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char access_request[4096];
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[4096];
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5_hash[16];
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authenticator[16];
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:53:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pwd16_buf, password, password_len);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:57:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, urc->secret, urc->secret_len);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:61:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash + urc->secret_len, md5, 16);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:81:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(access_request + 4, authenticator, 16);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:84:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(access_request + (4 + 16 + 2), username, username_len);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response_authenticator[16];
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response_authenticator, access_request+4, 16);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(access_request+rlen, urc->secret, urc->secret_len);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(access_request+4, authenticator, 16);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:214:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&urc->nas_address, he->h_addr_list[0], 4);
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[REDIS_BUFSIZE];
data/uwsgi-2.0.19.1/plugins/router_static/router_static.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32768];
data/uwsgi-2.0.19.1/plugins/router_static/router_static.c:55:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(ub->buf, O_RDONLY);
data/uwsgi-2.0.19.1/plugins/router_static/router_static.c:126:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(ub->buf, O_RDONLY);
data/uwsgi-2.0.19.1/plugins/router_static/router_static.c:196:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(ub->buf, O_RDONLY);
data/uwsgi-2.0.19.1/plugins/router_uwsgi/router_uwsgi.c:127:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uh->modifier1 = atoi(comma1+1);
data/uwsgi-2.0.19.1/plugins/router_uwsgi/router_uwsgi.c:128:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uh->modifier2 = atoi(comma2+1);
data/uwsgi-2.0.19.1/plugins/router_uwsgi/router_uwsgi.c:142:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uh->modifier1 = atoi(comma1+1);
data/uwsgi-2.0.19.1/plugins/router_uwsgi/router_uwsgi.c:143:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uh->modifier2 = atoi(comma2+1);
data/uwsgi-2.0.19.1/plugins/router_xmldir/router_xmldir.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[20];
data/uwsgi-2.0.19.1/plugins/rpc/rpc_plugin.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[UMAX8];
data/uwsgi-2.0.19.1/plugins/rpc/rpc_plugin.c:285:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[UMAX8];
data/uwsgi-2.0.19.1/plugins/rpc/rpc_plugin.c:336:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[UMAX8];
data/uwsgi-2.0.19.1/plugins/rpc/rpc_plugin.c:391:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[UMAX8];
data/uwsgi-2.0.19.1/plugins/rpc/rpc_plugin.c:446:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[UMAX8];
data/uwsgi-2.0.19.1/plugins/rpc/rpc_plugin.c:501:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[UMAX8];
data/uwsgi-2.0.19.1/plugins/rrdtool/rrdtool.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[7];
data/uwsgi-2.0.19.1/plugins/rrdtool/rrdtool.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/uwsgi-2.0.19.1/plugins/rrdtool/rrdtool.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/uwsgi-2.0.19.1/plugins/rsyslog/rsyslog_plugin.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctime_storage[26];
data/uwsgi-2.0.19.1/plugins/rsyslog/rsyslog_plugin.c:56:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ul->count = atoi(prisev+1);
data/uwsgi-2.0.19.1/plugins/rsyslog/rsyslog_plugin.c:66:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
portn = atoi(port+1);
data/uwsgi-2.0.19.1/plugins/sslrouter/sslrouter.c:292:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, cs->ugs->name, cs->ugs->name_len);
data/uwsgi-2.0.19.1/plugins/sslrouter/sslrouter.c:300:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->key, servername, peer->key_len);
data/uwsgi-2.0.19.1/plugins/stats_pusher_file/plugin.c:24:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uspi->freq = atoi(uspic->freq);
data/uwsgi-2.0.19.1/plugins/stats_pusher_file/plugin.c:29:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(uspic->path, O_RDWR | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP);
data/uwsgi-2.0.19.1/plugins/stats_pusher_mongodb/stats_pusher_mongodb.cc:32:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (spmc->freq) uspi->freq = atoi(spmc->freq);
data/uwsgi-2.0.19.1/plugins/stats_pusher_statsd/plugin.c:28:98: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int statsd_send_metric(struct uwsgi_buffer *ub, struct uwsgi_stats_pusher_instance *uspi, char *metric, size_t metric_len, int64_t value, char type[2]) {
data/uwsgi-2.0.19.1/plugins/stats_pusher_statsd/plugin.c:28:146: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int statsd_send_metric(struct uwsgi_buffer *ub, struct uwsgi_stats_pusher_instance *uspi, char *metric, size_t metric_len, int64_t value, char type[2]) {
data/uwsgi-2.0.19.1/plugins/transformation_tofile/tofile.c:31:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(uttc->filename->buf, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
data/uwsgi-2.0.19.1/plugins/tuntap/common.c:193:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[INET_ADDRSTRLEN + 1];
data/uwsgi-2.0.19.1/plugins/tuntap/common.c:204:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uttp->ip, ip, INET_ADDRSTRLEN + 1);
data/uwsgi-2.0.19.1/plugins/tuntap/common.c:235:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uttp->rules, uttp->buf, uttp->buf_pktsize);
data/uwsgi-2.0.19.1/plugins/tuntap/common.c:266:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uttr->write_buf, uttp->buf, uttp->buf_pktsize);
data/uwsgi-2.0.19.1/plugins/tuntap/common.c:348:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(UWSGI_TUNTAP_DEVICE, O_RDWR);
data/uwsgi-2.0.19.1/plugins/tuntap/common.h:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[INET_ADDRSTRLEN+1];
data/uwsgi-2.0.19.1/plugins/tuntap/common.h:33:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[4];
data/uwsgi-2.0.19.1/plugins/tuntap/firewall.c:204:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
src_mask = atoi(slash+1);
data/uwsgi-2.0.19.1/plugins/tuntap/firewall.c:218:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dst_mask = atoi(slash+1);
data/uwsgi-2.0.19.1/plugins/tuntap/firewall.c:256:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
src_mask = atoi(slash+1);
data/uwsgi-2.0.19.1/plugins/tuntap/firewall.c:267:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dst_mask = atoi(slash+1);
data/uwsgi-2.0.19.1/plugins/tuntap/firewall.c:286:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
utfr->dest_addr.sin_port = htons(atoi(colon+1));
data/uwsgi-2.0.19.1/plugins/tuntap/firewall.c:324:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
utpr.src_mask = (0xffffffff << ((atoi(slash+1))-32));
data/uwsgi-2.0.19.1/plugins/tuntap/firewall.c:336:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
utpr.dst_mask = (0xffffffff << ((atoi(slash+1))-32));
data/uwsgi-2.0.19.1/plugins/tuntap/firewall.c:380:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
utpr.target_port = htons(atoi(colon+1));
data/uwsgi-2.0.19.1/plugins/tuntap/tuntap.c:129:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + 4, uttr->buf, rlen);
data/uwsgi-2.0.19.1/plugins/tuntap/tuntap.c:282:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + 4, uttr->buf, rlen);
data/uwsgi-2.0.19.1/plugins/tuntap/tuntap.c:339:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + 4, uttr->gateway_buf, rlen);
data/uwsgi-2.0.19.1/plugins/v8/v8_jsgi.cc:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_str[11];
data/uwsgi-2.0.19.1/plugins/v8/v8_uwsgi.cc:291:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buffer, *r_value, rlen);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[31];
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:510:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename + filename_len, last_slash, (item_len - (last_slash - item)));
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:578:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:736:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:800:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:811:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:869:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1009:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1024:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1062:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32768];
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1088:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1089:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_filename[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1184:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX+1];
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stylesheet[PATH_MAX+1];
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:204:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stylesheet, value, rlen);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:222:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stylesheet, tmp_path, stylesheet_len);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:237:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stylesheet, tmp_path, stylesheet_len);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:246:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stylesheet, tmp_path, stylesheet_len);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:259:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stylesheet, usl->value, usl->len);
data/uwsgi-2.0.19.1/plugins/zabbix/plugin.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/plugins/zabbix/plugin.c:150:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(zabbix_template, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP);
data/uwsgi-2.0.19.1/proto/base.c:37:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, "HTTP_", 5);
data/uwsgi-2.0.19.1/proto/base.c:39:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, key, keylen);
data/uwsgi-2.0.19.1/proto/base.c:50:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, key, keylen);
data/uwsgi-2.0.19.1/proto/base.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, val, vallen);
data/uwsgi-2.0.19.1/proto/base.c:82:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, key, keylen);
data/uwsgi-2.0.19.1/proto/base.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, val, vallen);
data/uwsgi-2.0.19.1/proto/base.c:319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32768];
data/uwsgi-2.0.19.1/proto/base.c:359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, wsgi_req->proto_parser_remains_buf, remains);
data/uwsgi-2.0.19.1/proto/base.c:372:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, wsgi_req->proto_parser_remains_buf, remains);
data/uwsgi-2.0.19.1/proto/fastcgi.c:161:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, wsgi_req->proto_parser_remains_buf, remains);
data/uwsgi-2.0.19.1/proto/fastcgi.c:194:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, wsgi_req->proto_parser_buf + sizeof(struct fcgi_record), remains);
data/uwsgi-2.0.19.1/proto/fastcgi.c:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/uwsgi-2.0.19.1/proto/fastcgi.c:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char end_request[24];
data/uwsgi-2.0.19.1/proto/fastcgi.c:302:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(end_request, FCGI_END_REQUEST, 24);
data/uwsgi-2.0.19.1/proto/http.c:65:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, "HTTP_", 5);
data/uwsgi-2.0.19.1/proto/http.c:67:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, hh, keylen - 5);
data/uwsgi-2.0.19.1/proto/http.c:71:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, hh, keylen);
data/uwsgi-2.0.19.1/proto/http.c:77:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, hv, hvlen);
data/uwsgi-2.0.19.1/proto/http.c:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[INET6_ADDRSTRLEN+1];
data/uwsgi-2.0.19.1/proto/http.c:312:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s6[4];
data/uwsgi-2.0.19.1/proto/http.c:315:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr_parts.s6, &http_sin->sin6_addr.s6_addr[12], 4);
data/uwsgi-2.0.19.1/uwsgi.h:643:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[37];
data/uwsgi-2.0.19.1/uwsgi.h:648:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lord_uuid[36];
data/uwsgi-2.0.19.1/uwsgi.h:662:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[37];
data/uwsgi-2.0.19.1/uwsgi.h:682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lord_uuid[36];
data/uwsgi-2.0.19.1/uwsgi.h:988:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[37];
data/uwsgi-2.0.19.1/uwsgi.h:1105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mountpoint[0xff];
data/uwsgi-2.0.19.1/uwsgi.h:1134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chdir[0xff];
data/uwsgi-2.0.19.1/uwsgi.h:1135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char touch_reload[0xff];
data/uwsgi-2.0.19.1/uwsgi.h:1151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX];
data/uwsgi-2.0.19.1/uwsgi.h:1321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256];
data/uwsgi-2.0.19.1/uwsgi.h:1323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[256];
data/uwsgi-2.0.19.1/uwsgi.h:1642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[0xff];
data/uwsgi-2.0.19.1/uwsgi.h:1757:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[256];
data/uwsgi-2.0.19.1/uwsgi.h:2463:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *magic_table[256];
data/uwsgi-2.0.19.1/uwsgi.h:2854:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[UMAX8];
data/uwsgi-2.0.19.1/uwsgi.h:2864:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char receiver[64];
data/uwsgi-2.0.19.1/uwsgi.h:2921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warning_message[81];
data/uwsgi-2.0.19.1/uwsgi.h:2925:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snmp_community[72 + 1];
data/uwsgi-2.0.19.1/uwsgi.h:3059:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0xff];
data/uwsgi-2.0.19.1/uwsgi.h:3085:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0xff];
data/uwsgi-2.0.19.1/uwsgi.h:3098:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0xff];
data/uwsgi-2.0.19.1/uwsgi.h:3688:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0xff];
data/uwsgi-2.0.19.1/uwsgi.h:3719:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char notify[102];
data/uwsgi-2.0.19.1/uwsgi.h:3728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[0xff];
data/uwsgi-2.0.19.1/uwsgi.h:4183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0xff];
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:255:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return bwrite(s, buf, strlen(buf));
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:397:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(uri) - strlen(path_info);
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:397:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(uri) - strlen(path_info);
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:507:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(hdrs[i].key);
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:508:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(hdrs[i].val);
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:524:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv = bputh(s, strlen(hdrs[i].key)); /* length */
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:528:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv = bputh(s, strlen(hdrs[i].val)); /* length */
data/uwsgi-2.0.19.1/apache2/mod_Ruwsgi.c:779:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(path);
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:83:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:152:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
apr_table_set(r->subprocess_env, "SCRIPT_NAME", apr_pstrndup(r->pool, script_name, strlen(script_name)-strlen(path_info)));
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:152:116: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
apr_table_set(r->subprocess_env, "SCRIPT_NAME", apr_pstrndup(r->pool, script_name, strlen(script_name)-strlen(path_info)));
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:165:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val) ;
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:165:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val) ;
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:173:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(env[j].key);
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:178:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vallen = strlen(env[j].val);
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:365:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (end = &value[strlen(value)-1]; end > value && apr_isspace(*end); --end) *end = '\0';
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:472:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t w_len = strlen(worker->s->name);
data/uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c:474:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t w_len = strlen(worker->name);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:110:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vec[i+2].iov_len = strlen(key) ;
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:113:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vec[i+1].iov_len = strlen(key) ;
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:130:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vec[i+5].iov_len = strlen(value) ;
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:133:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vec[i+3].iov_len = strlen(value) ;
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:166:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->addr_size = strlen(DEFAULT_SOCK) + ( (void *)&c->s_addr.u_addr.sun_path - (void *)&c->s_addr ) ;
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:183:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->addr_size = strlen(DEFAULT_SOCK) + ( (void *)&c->s_addr.u_addr.sun_path - (void *)&c->s_addr ) ;
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:193:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c->script_name, dir, 255);
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:382:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vecptr = uwsgi_add_var(uwsgi_vars, vecptr, r, "PATH_INFO", r->uri+strlen(c->script_name), &pkt_size) ;
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:587:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(location) <= 255 && location[0] == '/') {
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:601:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(scheme) < 9 & strlen(scheme) > 0) {
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:601:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(scheme) < 9 & strlen(scheme) > 0) {
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:712:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(path) < 104) {
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:714:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->addr_size2 = strlen(path) + ( (void *)&c->s_addr.u_addr.sun_path - (void *)&c->s_addr ) ;
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:745:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(path) < 104) {
data/uwsgi-2.0.19.1/apache2/mod_uwsgi.c:747:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->addr_size = strlen(path) + ( (void *)&c->s_addr.u_addr.sun_path - (void *)&c->s_addr ) ;
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:44:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (connect(uwsgi_socket, (struct sockaddr *) &s_addr, strlen(UWSGI_SOCK) + ( (void *)&s_addr.sun_path - (void *)&s_addr) ) != 0) {
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:63:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (unsigned short) (env+strlen(env) - (place_holder+1));
data/uwsgi-2.0.19.1/contrib/uwsgi_client.c:81:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( (cnt = read(0, message, 4096)) ) {
data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c:44:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (connect(uwsgi_socket, (struct sockaddr *) &s_addr, strlen(UWSGI_SOCK) + ( (void *)&s_addr.sun_path - (void *)&s_addr) ) != 0) {
data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c:66:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (unsigned short) (env+strlen(env) - (place_holder+1));
data/uwsgi-2.0.19.1/contrib/uwsgi_dynamic_client.c:82:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( (cnt = read(0, message, 4096)) ) {
data/uwsgi-2.0.19.1/core/alarm.c:20:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uai->arg && strlen(uai->arg) > 0) {
data/uwsgi-2.0.19.1/core/alarm.c:28:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uai->arg && strlen(uai->arg) > 0) {
data/uwsgi-2.0.19.1/core/alarm.c:227:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(ut->pipe[1], buf, uwsgi.alarm_msg_size + sizeof(long));
data/uwsgi-2.0.19.1/core/alarm.c:248:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(uafd->fd, uafd->buf + (uafd->buf_len-remains), remains);
data/uwsgi-2.0.19.1/core/alarm.c:324:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_add_alarm_fd(fd, usl->value, buf_len, space1+1, strlen(space1+1));
data/uwsgi-2.0.19.1/core/buffer.c:250:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return uwsgi_buffer_append(ub, ip, strlen(ip));
data/uwsgi-2.0.19.1/core/buffer.c:402:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, ub->buf, st.st_size);
data/uwsgi-2.0.19.1/core/cache.c:1060:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(interesting_fd, buf, UMAX16);
data/uwsgi-2.0.19.1/core/cache.c:1244:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uc->name_len = strlen(uc->name);
data/uwsgi-2.0.19.1/core/cache.c:1287:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(arg, strlen(arg), ',', '=',
data/uwsgi-2.0.19.1/core/cache.c:1337:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uc->name_len = strlen(c_name);
data/uwsgi-2.0.19.1/core/config.c:123:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/config.c:127:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/config.c:131:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/core/config.c:147:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/config.c:151:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/config.c:155:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/core/config.c:174:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/config.c:178:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/config.c:182:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/core/config.c:198:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/config.c:202:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/config.c:206:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/core/config.c:612:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_len = strlen(value);
data/uwsgi-2.0.19.1/core/config.c:651:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal)
data/uwsgi-2.0.19.1/core/config.c:860:14: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) {
data/uwsgi-2.0.19.1/core/config.c:870:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new_opt = uwsgi_concat2n(value, (equal-value)+1, ip, strlen(ip));
data/uwsgi-2.0.19.1/core/cookie.c:36:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) return NULL;
data/uwsgi-2.0.19.1/core/cron.c:95:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(value, strlen(value), ',', '=',
data/uwsgi-2.0.19.1/core/cron.c:110:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_str_contains(value, strlen(value), '=')) {
data/uwsgi-2.0.19.1/core/daemons.c:169:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, pidstr, st.st_size) != st.st_size) {
data/uwsgi-2.0.19.1/core/daemons.c:444:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_starts_with(opt, strlen(command), "legion-", 7)) {
data/uwsgi-2.0.19.1/core/daemons.c:537:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(arg, strlen(arg), ',', '=',
data/uwsgi-2.0.19.1/core/daemons.c:613:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char **argv = uwsgi_split_quoted(d_touch, strlen(d_touch), ";", &rlen);
data/uwsgi-2.0.19.1/core/emperor.c:81:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(us.sa_un.sun_path, socket_name, UMIN(strlen(socket_name), 102));
data/uwsgi-2.0.19.1/core/emperor.c:82:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addr_len = strlen(socket_name) + ((void *) us.sa_un.sun_path - (void *) &us.sa_un);
data/uwsgi-2.0.19.1/core/emperor.c:206:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) < 0xff) {
data/uwsgi-2.0.19.1/core/emperor.c:252:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return uwsgi_concat4n(uwsgi.emperor_on_demand_directory, strlen(uwsgi.emperor_on_demand_directory), "/", 1, start_of_vassal_name, last_dot - start_of_vassal_name, ".socket", 7);
data/uwsgi-2.0.19.1/core/emperor.c:835:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > (0xff - 1)) {
data/uwsgi-2.0.19.1/core/emperor.c:916:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(n_ui->name, name, strlen(name));
data/uwsgi-2.0.19.1/core/emperor.c:1309:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(n_ui->name + (strlen(n_ui->name) - 4), ".xml"))
data/uwsgi-2.0.19.1/core/emperor.c:1311:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(n_ui->name + (strlen(n_ui->name) - 4), ".ini"))
data/uwsgi-2.0.19.1/core/emperor.c:1313:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(n_ui->name + (strlen(n_ui->name) - 4), ".yml"))
data/uwsgi-2.0.19.1/core/emperor.c:1315:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(n_ui->name + (strlen(n_ui->name) - 5), ".yaml"))
data/uwsgi-2.0.19.1/core/emperor.c:1317:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(n_ui->name + (strlen(n_ui->name) - 3), ".js"))
data/uwsgi-2.0.19.1/core/emperor.c:1319:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(n_ui->name + (strlen(n_ui->name) - 5), ".json"))
data/uwsgi-2.0.19.1/core/emperor.c:1551:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_starts_with(arg, strlen(arg), scheme, strlen(scheme))) {
data/uwsgi-2.0.19.1/core/emperor.c:1551:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_starts_with(arg, strlen(arg), scheme, strlen(scheme))) {
data/uwsgi-2.0.19.1/core/emperor.c:1606:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (g.gl_pathc == 1 && g.gl_pathv[0][strlen(g.gl_pathv[0]) - 1] == '/') {
data/uwsgi-2.0.19.1/core/emperor.c:1805:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(interesting_fd, &byte, 1);
data/uwsgi-2.0.19.1/core/emperor.c:2376:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ui_current->config_len = strlen(ui_current->config);
data/uwsgi-2.0.19.1/core/emperor.c:2388:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_config_len = strlen(new_config);
data/uwsgi-2.0.19.1/core/emperor.c:2401:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(uwsgi.emperor_fd, &byte, 1);
data/uwsgi-2.0.19.1/core/event.c:1167:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(id, bie, isize);
data/uwsgi-2.0.19.1/core/event.c:1170:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(id, &ie, sizeof(struct inotify_event));
data/uwsgi-2.0.19.1/core/event.c:1302:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(id, &counter, sizeof(uint64_t));
data/uwsgi-2.0.19.1/core/exceptions.c:183:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, (char *) uwsgi.p[wsgi_req->uh->modifier1]->name, strlen(uwsgi.p[wsgi_req->uh->modifier1]->name))) goto error;
data/uwsgi-2.0.19.1/core/exceptions.c:445:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(ut->pipe[1], buf, uwsgi.exception_handler_msg_size + sizeof(long));
data/uwsgi-2.0.19.1/core/fifo.c:129:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(fd, &cmd, 1);
data/uwsgi-2.0.19.1/core/fsmon.c:160:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(interesting_fd, ie, isize);
data/uwsgi-2.0.19.1/core/gateway.c:151:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_sock->name_len = strlen(name);
data/uwsgi-2.0.19.1/core/gateway.c:178:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_sock->name_len = strlen(uwsgi_sock->name);
data/uwsgi-2.0.19.1/core/hooks.c:57:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_alarm_trigger(arg, space+1, strlen(space+1));
data/uwsgi-2.0.19.1/core/hooks.c:104:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) > 1) {
data/uwsgi-2.0.19.1/core/hooks.c:143:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(space+1);
data/uwsgi-2.0.19.1/core/hooks.c:167:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(space+1);
data/uwsgi-2.0.19.1/core/hooks.c:202:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(space+1);
data/uwsgi-2.0.19.1/core/hooks.c:227:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(space+1);
data/uwsgi-2.0.19.1/core/hooks.c:265:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(space+1);
data/uwsgi-2.0.19.1/core/hooks.c:406:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sethostname(arg, strlen(arg));
data/uwsgi-2.0.19.1/core/hooks.c:527:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char **rargv = uwsgi_split_quoted(arg, strlen(arg), " \t", &argc);
data/uwsgi-2.0.19.1/core/hooks.c:544:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t a_len = strlen(rargv[i+1]);
data/uwsgi-2.0.19.1/core/hooks.c:621:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(space+1);
data/uwsgi-2.0.19.1/core/ini.c:16:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(line) - 1; i >= 0; i--) {
data/uwsgi-2.0.19.1/core/ini.c:30:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(line); i++) {
data/uwsgi-2.0.19.1/core/ini.c:46:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(key); i++) {
data/uwsgi-2.0.19.1/core/ini.c:141:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
section[strlen(section) - 1] = 0;
data/uwsgi-2.0.19.1/core/init.c:165:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
http_sc->message_size = strlen(http_sc->message);
data/uwsgi-2.0.19.1/core/io.c:53:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, stack_buf, 4096);
data/uwsgi-2.0.19.1/core/io.c:100:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buffer, sb.st_size);
data/uwsgi-2.0.19.1/core/io.c:184:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, uri, strlen(uri)) != (ssize_t) strlen(uri)) { uwsgi_error("uwsgi_scheme_http()/write()"); exit(1);}
data/uwsgi-2.0.19.1/core/io.c:184:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, uri, strlen(uri)) != (ssize_t) strlen(uri)) { uwsgi_error("uwsgi_scheme_http()/write()"); exit(1);}
data/uwsgi-2.0.19.1/core/io.c:189:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, domain, strlen(domain)) != (ssize_t) strlen(domain)) { uwsgi_error("uwsgi_scheme_http()/write()"); exit(1);}
data/uwsgi-2.0.19.1/core/io.c:189:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, domain, strlen(domain)) != (ssize_t) strlen(domain)) { uwsgi_error("uwsgi_scheme_http()/write()"); exit(1);}
data/uwsgi-2.0.19.1/core/io.c:198:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fd, &byte, 1) == 1) {
data/uwsgi-2.0.19.1/core/io.c:271:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(uwsgi.emperor_fd_config, ptr, remains);
data/uwsgi-2.0.19.1/core/io.c:294:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(uwsgi.emperor_fd_config, ptr, remains);
data/uwsgi-2.0.19.1/core/io.c:335:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, &datasize, 8);
data/uwsgi-2.0.19.1/core/io.c:359:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buffer, datasize);
data/uwsgi-2.0.19.1/core/io.c:384:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*size = strlen(s);
data/uwsgi-2.0.19.1/core/io.c:390:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buffer, s, strlen(s));
data/uwsgi-2.0.19.1/core/io.c:403:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*size = strlen(s);
data/uwsgi-2.0.19.1/core/io.c:409:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buffer, s, strlen(s));
data/uwsgi-2.0.19.1/core/io.c:421:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sym_end_ptr = sym_start_ptr + strlen(sym_start_ptr);
data/uwsgi-2.0.19.1/core/io.c:549:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buffer, sb.st_size);
data/uwsgi-2.0.19.1/core/io.c:743:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ret = read(fd, buf, len);
data/uwsgi-2.0.19.1/core/io.c:762:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(src, buf, 8192);
data/uwsgi-2.0.19.1/core/io.c:876:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(src, buf, UMIN(8192, required - written));
data/uwsgi-2.0.19.1/core/io.c:951:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, ptr, remains);
data/uwsgi-2.0.19.1/core/io.c:970:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, ptr, remains);
data/uwsgi-2.0.19.1/core/io.c:991:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(fd, buf, len);
data/uwsgi-2.0.19.1/core/io.c:1005:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(fd, buf, len);
data/uwsgi-2.0.19.1/core/io.c:1045:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, ptr, remains);
data/uwsgi-2.0.19.1/core/io.c:1055:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, ptr, remains);
data/uwsgi-2.0.19.1/core/io.c:1087:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, ptr, remains);
data/uwsgi-2.0.19.1/core/io.c:1097:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, ptr, remains);
data/uwsgi-2.0.19.1/core/io.c:1200:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/core/io.c:1281:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ret = uwsgi_startswith(file, url, strlen(url));
data/uwsgi-2.0.19.1/core/json.c:61:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_strncmp(uyos->object, strlen(uyos->object), (char *)s, (size_t)s_len)) {
data/uwsgi-2.0.19.1/core/legion.c:535:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(ul->socket, crypted_buf, (UMAX16 - EVP_MAX_BLOCK_LENGTH - 4));
data/uwsgi-2.0.19.1/core/legion.c:700:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_alarm_trigger(arg, space+1, strlen(space+1));
data/uwsgi-2.0.19.1/core/legion.c:947:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ul->scroll_len = strlen(ul->scroll);
data/uwsgi-2.0.19.1/core/legion.c:1091:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t s_len = strlen(secret);
data/uwsgi-2.0.19.1/core/legion.c:1102:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_iv_len = strlen(iv);
data/uwsgi-2.0.19.1/core/legion.c:1131:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ul->legion_len = strlen(ul->legion);
data/uwsgi-2.0.19.1/core/logging.c:778:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(procfd, (char *) &info, sizeof(info)) > 0) {
data/uwsgi-2.0.19.1/core/logging.c:1004:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi.logvectors[wsgi_req->async_id][pos].iov_len = strlen(uwsgi.logvectors[wsgi_req->async_id][pos].iov_base);
data/uwsgi-2.0.19.1/core/logging.c:1083:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1088:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1093:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1098:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1103:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1109:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1124:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1155:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1160:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1165:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1170:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1175:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1180:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1185:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1190:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1195:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1200:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1205:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1210:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1215:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1220:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1225:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1230:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1235:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1240:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1245:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1250:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1255:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*buf);
data/uwsgi-2.0.19.1/core/logging.c:1283:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_strncmp(name, name_len, logchunk->name, strlen(logchunk->name))) {
data/uwsgi-2.0.19.1/core/logging.c:1399:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(uwsgi.shared->worker_log_pipe[0], uwsgi.log_master_buf, uwsgi.log_master_bufsize);
data/uwsgi-2.0.19.1/core/logging.c:1465:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(uwsgi.shared->worker_req_log_pipe[0], uwsgi.log_master_buf, uwsgi.log_master_bufsize);
data/uwsgi-2.0.19.1/core/logging.c:1688:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_buffer *ub = uwsgi_buffer_new(len + strlen(ule->args));
data/uwsgi-2.0.19.1/core/logging.c:1689:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, ule->args, strlen(ule->args))) goto end;
data/uwsgi-2.0.19.1/core/logging.c:1724:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_buffer *ub = uwsgi_buffer_new(len + strlen(ule->args));
data/uwsgi-2.0.19.1/core/logging.c:1726:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, ule->args, strlen(ule->args))) goto end;
data/uwsgi-2.0.19.1/core/logging.c:1739:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t remains = strlen(ptr);
data/uwsgi-2.0.19.1/core/logging.c:1808:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_buffer *ub = uwsgi_buffer_new(strlen(ule->args) + len);
data/uwsgi-2.0.19.1/core/logging.c:1861:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_buffer *ub = uwsgi_buffer_new(strlen(ule->args) + len);
data/uwsgi-2.0.19.1/core/logging.c:1871:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, e_json, strlen(e_json))){
data/uwsgi-2.0.19.1/core/logging.c:1880:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, e_json, strlen(e_json))){
data/uwsgi-2.0.19.1/core/logging.c:1904:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, e_json, strlen(e_json))){
data/uwsgi-2.0.19.1/core/master.c:537:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usl->len = strlen(usl->value);
data/uwsgi-2.0.19.1/core/master.c:549:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usl->len = strlen(usl->value);
data/uwsgi-2.0.19.1/core/master.c:568:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usl->len = strlen(usl->value);
data/uwsgi-2.0.19.1/core/master_events.c:81:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(interesting_fd, tmp, usl->custom2) <= 0) {
data/uwsgi-2.0.19.1/core/master_events.c:112:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(interesting_fd, tmp, usl->custom2) <= 0) {
data/uwsgi-2.0.19.1/core/master_events.c:210:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(interesting_fd, &uwsgi_signal, 1);
data/uwsgi-2.0.19.1/core/master_events.c:228:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(interesting_fd, &uwsgi_signal, 1);
data/uwsgi-2.0.19.1/core/master_events.c:248:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(interesting_fd, &uwsgi_signal, 1);
data/uwsgi-2.0.19.1/core/master_utils.c:411:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) == 0)
data/uwsgi-2.0.19.1/core/master_utils.c:828:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd = uwsgi_malloc((strlen(ud->command)*2)+1);
data/uwsgi-2.0.19.1/core/master_utils.c:829:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_json(ud->command, strlen(ud->command), cmd);
data/uwsgi-2.0.19.1/core/master_utils.c:1333:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd = uwsgi_malloc((strlen(ucron->command)*2)+1);
data/uwsgi-2.0.19.1/core/master_utils.c:1334:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_json(ucron->command, strlen(ucron->command), cmd);
data/uwsgi-2.0.19.1/core/master_utils.c:1557:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
proc_len = read(proc_file, proc_buf, 4096);
data/uwsgi-2.0.19.1/core/master_utils.c:1570:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
proc_len = read(proc_file, proc_buf, 4096);
data/uwsgi-2.0.19.1/core/master_utils.c:1762:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(de->d_name) > 0 && de->d_name[0] == '.') continue;
data/uwsgi-2.0.19.1/core/master_utils.c:1821:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(de->d_name) > 0 && de->d_name[0] == '.') continue;
data/uwsgi-2.0.19.1/core/metrics.c:82:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(fd, buf, 4096);
data/uwsgi-2.0.19.1/core/metrics.c:131:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buf);
data/uwsgi-2.0.19.1/core/metrics.c:161:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buf);
data/uwsgi-2.0.19.1/core/metrics.c:230:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
metric->name_len = strlen(metric->name);
data/uwsgi-2.0.19.1/core/metrics.c:246:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
metric->oid_len = strlen(oid);
data/uwsgi-2.0.19.1/core/metrics.c:329:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (uwsgi_kvlist_parse(arg, strlen(arg), ',', '=',
data/uwsgi-2.0.19.1/core/metrics.c:738:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dir = uwsgi_expand_path(uwsgi.metrics_dir, strlen(uwsgi.metrics_dir), NULL);
data/uwsgi-2.0.19.1/core/metrics.c:935:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
umt->msg_len = strlen(m_msg);
data/uwsgi-2.0.19.1/core/mount.c:132:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[1].iov_len = strlen(fs) + 1;
data/uwsgi-2.0.19.1/core/mount.c:137:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[3].iov_len = strlen(where) + 1;
data/uwsgi-2.0.19.1/core/mount.c:142:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[5].iov_len = strlen(what) + 1;
data/uwsgi-2.0.19.1/core/mount.c:186:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_starts_with(delim0, strlen(delim0), slashed, strlen(slashed))) goto unmountable;
data/uwsgi-2.0.19.1/core/mount.c:186:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_starts_with(delim0, strlen(delim0), slashed, strlen(slashed))) goto unmountable;
data/uwsgi-2.0.19.1/core/mule.c:194:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(interesting_fd, &uwsgi_signal, 1);
data/uwsgi-2.0.19.1/core/mule.c:208:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(interesting_fd, message, 65536);
data/uwsgi-2.0.19.1/core/mule.c:342:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(uwsgi.mules[uwsgi.muleid - 1].queue_pipe[1], message, buffer_size);
data/uwsgi-2.0.19.1/core/mule.c:345:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(uwsgi.shared->mule_queue_pipe[1], message, buffer_size);
data/uwsgi-2.0.19.1/core/mule.c:358:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(interesting_fd, &uwsgi_signal, 1);
data/uwsgi-2.0.19.1/core/mule.c:379:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(mulepoll[count + i].fd, message, buffer_size);
data/uwsgi-2.0.19.1/core/notify.c:16:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iovec[1].iov_len = strlen(message);
data/uwsgi-2.0.19.1/core/notify.c:55:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(systemd_socket);
data/uwsgi-2.0.19.1/core/notify.c:59:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sd_sun->sun_path, systemd_socket, UMIN(len, sizeof(sd_sun->sun_path)));
data/uwsgi-2.0.19.1/core/notify.c:81:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(fd, buf, 8192);
data/uwsgi-2.0.19.1/core/notify.c:108:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(un_addr.sun_path, dst, 102);
data/uwsgi-2.0.19.1/core/offload.c:284:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(ut->pipe[1], uor, sizeof(struct uwsgi_offload_request));
data/uwsgi-2.0.19.1/core/offload.c:425:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(uor->fd, uor->buf, 4096);
data/uwsgi-2.0.19.1/core/offload.c:527:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(uor->fd, uor->buf, 4096);
data/uwsgi-2.0.19.1/core/offload.c:541:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(uor->s, uor->buf, 4096);
data/uwsgi-2.0.19.1/core/plugins.c:14:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/core/plugins.c:174:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *plugin_entry_symbol = uwsgi_concat2n(plugin_symbol_name_start, strlen(plugin_symbol_name_start) - 3, "", 0);
data/uwsgi-2.0.19.1/core/plugins.c:183:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(linkpath, linkpath_buf, linkpath_size + 1);
data/uwsgi-2.0.19.1/core/plugins.c:196:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plugin_entry_symbol = uwsgi_concat2n(slash, strlen(slash) - 3, "", 0);
data/uwsgi-2.0.19.1/core/plugins_builder.c:32:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dot_h) == 0) {
data/uwsgi-2.0.19.1/core/plugins_builder.c:45:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t dot_h_len = (ssize_t) strlen(dot_h);
data/uwsgi-2.0.19.1/core/plugins_builder.c:57:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(config_py) == 0) {
data/uwsgi-2.0.19.1/core/plugins_builder.c:68:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t config_py_len = (ssize_t) strlen(config_py);
data/uwsgi-2.0.19.1/core/plugins_builder.c:79:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cflags) == 0) {
data/uwsgi-2.0.19.1/core/progress.c:64:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upload_progress_filename = uwsgi_concat4n(uwsgi.upload_progress, strlen(uwsgi.upload_progress), "/", 1, upload_progress_filename, 36, ".js", 3);
data/uwsgi-2.0.19.1/core/protocol.c:32:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, ptr, remains);
data/uwsgi-2.0.19.1/core/protocol.c:58:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, ptr, remains);
data/uwsgi-2.0.19.1/core/protocol.c:245:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) return;
data/uwsgi-2.0.19.1/core/protocol.c:835:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
udd->vallen = strlen(udd->value);
data/uwsgi-2.0.19.1/core/protocol.c:865:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
udd->vallen = strlen(udd->value);
data/uwsgi-2.0.19.1/core/protocol.c:898:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
udd->vallen = strlen(udd->value);
data/uwsgi-2.0.19.1/core/protocol.c:918:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_file_serve(wsgi_req, real_docroot, strlen(real_docroot), wsgi_req->path_info, wsgi_req->path_info_len, 0)) {
data/uwsgi-2.0.19.1/core/querystring.c:12:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) return NULL;
data/uwsgi-2.0.19.1/core/routing.c:19:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urv->name_len = strlen(name);
data/uwsgi-2.0.19.1/core/routing.c:50:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pass1_len = strlen(pass1);
data/uwsgi-2.0.19.1/core/routing.c:55:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pass1_len = strlen(pass1);
data/uwsgi-2.0.19.1/core/routing.c:353:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_starts_with(opt, strlen(opt), "final", 5)) {
data/uwsgi-2.0.19.1/core/routing.c:356:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!uwsgi_starts_with(opt, strlen(opt), "error", 5)) {
data/uwsgi-2.0.19.1/core/routing.c:359:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!uwsgi_starts_with(opt, strlen(opt), "response", 8)) {
data/uwsgi-2.0.19.1/core/routing.c:373:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_starts_with(opt, strlen(opt), "final", 5)) {
data/uwsgi-2.0.19.1/core/routing.c:376:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!uwsgi_starts_with(opt, strlen(opt), "error", 5)) {
data/uwsgi-2.0.19.1/core/routing.c:379:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!uwsgi_starts_with(opt, strlen(opt), "response", 8)) {
data/uwsgi-2.0.19.1/core/routing.c:392:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->label_len = strlen(value);
data/uwsgi-2.0.19.1/core/routing.c:470:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->subject_str_len = strlen(ur->subject_str);
data/uwsgi-2.0.19.1/core/routing.c:582:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:615:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:678:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data2_len = strlen(ur->data);
data/uwsgi-2.0.19.1/core/routing.c:682:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:797:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:838:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) {
data/uwsgi-2.0.19.1/core/routing.c:845:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data2_len = strlen(ur->data2);
data/uwsgi-2.0.19.1/core/routing.c:904:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:930:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) {
data/uwsgi-2.0.19.1/core/routing.c:937:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data2_len = strlen(ur->data2);
data/uwsgi-2.0.19.1/core/routing.c:959:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:980:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1006:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1019:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1054:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1078:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1102:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1126:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1150:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1174:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1199:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1224:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1244:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1269:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1320:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1345:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1370:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1389:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1419:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1421:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data2_len = strlen(ur->data2);
data/uwsgi-2.0.19.1/core/routing.c:1449:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(arg);
data/uwsgi-2.0.19.1/core/routing.c:1903:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/core/routing.c:1907:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/core/routing.c:1916:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/core/routing.c:1920:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/core/routing.c:1925:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/core/routing.c:1929:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/core/routing.c:1933:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/core/routing.c:1969:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/core/routing.c:1973:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/core/routing.c:2226:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usl->custom = strlen(usl->value);
data/uwsgi-2.0.19.1/core/routing.c:2229:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usl->custom2 = strlen(space+1);
data/uwsgi-2.0.19.1/core/routing.c:2240:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usl->custom = strlen(usl->value);
data/uwsgi-2.0.19.1/core/routing.c:2243:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usl->custom2 = strlen(space+1);
data/uwsgi-2.0.19.1/core/rpc.c:15:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) >= UMAX8) {
data/uwsgi-2.0.19.1/core/rpc.c:37:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(urpc->name, name, strlen(name));
data/uwsgi-2.0.19.1/core/rpc.c:136:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buffer_size = 2 + strlen(func);
data/uwsgi-2.0.19.1/core/rpc.c:158:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ulen = strlen(func);
data/uwsgi-2.0.19.1/core/sendfile.c:44:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(filefd, buf, UMIN(len, 8192));
data/uwsgi-2.0.19.1/core/sharedarea.c:329:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(arg, strlen(arg), ',', '=',
data/uwsgi-2.0.19.1/core/sharedarea.c:345:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s_size) > 2 && s_size[0] == '0' && s_size[1] == 'x') {
data/uwsgi-2.0.19.1/core/sharedarea.c:356:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s_offset) > 2 && s_offset[0] == '0' && s_offset[1] == 'x') {
data/uwsgi-2.0.19.1/core/signal.c:113:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
receiver_len = strlen(receiver);
data/uwsgi-2.0.19.1/core/signal.c:128:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(use->receiver, receiver, receiver_len + 1);
data/uwsgi-2.0.19.1/core/signal.c:157:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > (0xff - 1)) {
data/uwsgi-2.0.19.1/core/signal.c:167:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(ushared->files_monitored[ushared->files_monitored_cnt].filename, filename, strlen(filename));
data/uwsgi-2.0.19.1/core/signal.c:441:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(uwsgi.signal_socket, &uwsgi_signal, 1) != 1) {
data/uwsgi-2.0.19.1/core/signal.c:454:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(uwsgi.my_signal_socket, &uwsgi_signal, 1) != 1) {
data/uwsgi-2.0.19.1/core/signal.c:476:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ret = read(fd, &uwsgi_signal, 1);
data/uwsgi-2.0.19.1/core/snmp.c:87:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(uwsgi.shared->snmp_community) != community_len)
data/uwsgi-2.0.19.1/core/snmp.c:415:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(uwsgi.snmp_community) > 72) {
data/uwsgi-2.0.19.1/core/snmp.c:420:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uwsgi.shared->snmp_community, uwsgi.snmp_community, strlen(uwsgi.snmp_community) + 1);
data/uwsgi-2.0.19.1/core/socket.c:26:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sock1_len = strlen(sock1);
data/uwsgi-2.0.19.1/core/socket.c:27:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sock2_len = strlen(sock2);
data/uwsgi-2.0.19.1/core/socket.c:31:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sock1_len = strlen(sock1);
data/uwsgi-2.0.19.1/core/socket.c:36:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sock2_len = strlen(sock2);
data/uwsgi-2.0.19.1/core/socket.c:147:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uws_addr->sun_path, socket_name, UMIN(strlen(socket_name), 102));
data/uwsgi-2.0.19.1/core/socket.c:148:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(socket_name);
data/uwsgi-2.0.19.1/core/socket.c:170:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(socket_name) > 102) {
data/uwsgi-2.0.19.1/core/socket.c:179:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(socket_name) > 1 && socket_name[0] == '\\' && socket_name[1] == '0') {
data/uwsgi-2.0.19.1/core/socket.c:208:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uws_addr->sun_path + abstract_socket, socket_name + 1, UMIN(strlen(socket_name + 1), 101));
data/uwsgi-2.0.19.1/core/socket.c:209:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(socket_name) + 1;
data/uwsgi-2.0.19.1/core/socket.c:211:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(socket_name) > 1 && socket_name[0] == '\\' && socket_name[1] == '0') {
data/uwsgi-2.0.19.1/core/socket.c:212:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uws_addr->sun_path + abstract_socket, socket_name + 2, UMIN(strlen(socket_name + 2), 101));
data/uwsgi-2.0.19.1/core/socket.c:213:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(socket_name + 1) + 1;
data/uwsgi-2.0.19.1/core/socket.c:217:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uws_addr->sun_path + 1, socket_name, UMIN(strlen(socket_name), 101));
data/uwsgi-2.0.19.1/core/socket.c:218:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(socket_name) + 1;
data/uwsgi-2.0.19.1/core/socket.c:221:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uws_addr->sun_path + abstract_socket, socket_name, UMIN(strlen(socket_name), 102));
data/uwsgi-2.0.19.1/core/socket.c:222:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(socket_name);
data/uwsgi-2.0.19.1/core/socket.c:405:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
un_size = sizeof(uws_addr.sun_family) + strlen(socket_name) + 1;
data/uwsgi-2.0.19.1/core/socket.c:406:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uws_addr.sun_path + 1, socket_name + 1, UMIN(strlen(socket_name + 1), 101));
data/uwsgi-2.0.19.1/core/socket.c:408:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(socket_name) > 1 && socket_name[0] == '\\' && socket_name[1] == '0') {
data/uwsgi-2.0.19.1/core/socket.c:409:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
un_size = sizeof(uws_addr.sun_family) + strlen(socket_name + 1) + 1;
data/uwsgi-2.0.19.1/core/socket.c:410:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uws_addr.sun_path + 1, socket_name + 2, UMIN(strlen(socket_name + 2), 101));
data/uwsgi-2.0.19.1/core/socket.c:413:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uws_addr.sun_path, socket_name, UMIN(strlen(socket_name), 102));
data/uwsgi-2.0.19.1/core/socket.c:520:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(socket_name); i++) {
data/uwsgi-2.0.19.1/core/socket.c:572:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(socket_name, new_addr, strlen(socket_name))) {
data/uwsgi-2.0.19.1/core/socket.c:597:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(socket_name);
data/uwsgi-2.0.19.1/core/socket.c:611:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(socket_name) + 1;
data/uwsgi-2.0.19.1/core/socket.c:615:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(socket_name + 1) + 1;
data/uwsgi-2.0.19.1/core/socket.c:1051:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_sock->name = uwsgi_concat3n(name, tcp_port - name, ":", 1, auto_port, strlen(auto_port));
data/uwsgi-2.0.19.1/core/socket.c:1069:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_sock->name = uwsgi_concat3n(auto_ip, strlen(auto_ip), ":", 1, auto_port, strlen(auto_port));
data/uwsgi-2.0.19.1/core/socket.c:1069:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_sock->name = uwsgi_concat3n(auto_ip, strlen(auto_ip), ":", 1, auto_port, strlen(auto_port));
data/uwsgi-2.0.19.1/core/socket.c:1163:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = strncmp(computed_addr, uwsgi_sock->name, strlen(uwsgi_sock->name));
data/uwsgi-2.0.19.1/core/socket.c:1548:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *sanitized_sn = uwsgi_concat2n(socket_name + 1, strlen(socket_name + 1) - 1, "", 0);
data/uwsgi-2.0.19.1/core/spooler.c:81:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_strncmp(uspool->dir, strlen(uspool->dir), name, name_len)) {
data/uwsgi-2.0.19.1/core/spooler.c:250:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename_len = strlen(uspool->dir) + sr.priority_len + strlen(uwsgi.hostname) + 256;
data/uwsgi-2.0.19.1/core/spooler.c:250:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename_len = strlen(uspool->dir) + sr.priority_len + strlen(uwsgi.hostname) + 256;
data/uwsgi-2.0.19.1/core/spooler.c:272:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename_len = strlen(uspool->dir) + strlen(uwsgi.hostname) + 256;
data/uwsgi-2.0.19.1/core/spooler.c:272:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename_len = strlen(uspool->dir) + strlen(uwsgi.hostname) + 256;
data/uwsgi-2.0.19.1/core/ssl.c:114:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t servername_len = strlen(servername);
data/uwsgi-2.0.19.1/core/ssl.c:160:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sni_dir_len = strlen(uwsgi.sni_dir);
data/uwsgi-2.0.19.1/core/ssl.c:249:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi.ssl_tmp_dir && !uwsgi_starts_with(crt, strlen(crt), "-----BEGIN ", 11)) {
data/uwsgi-2.0.19.1/core/ssl.c:250:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crt = uwsgi_write_pem_to_file(name, crt, strlen(crt), ".crt");
data/uwsgi-2.0.19.1/core/ssl.c:291:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi.ssl_tmp_dir && !uwsgi_starts_with(key, strlen(key), "-----BEGIN ", 11)) {
data/uwsgi-2.0.19.1/core/ssl.c:292:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key = uwsgi_write_pem_to_file(name, key, strlen(key), ".key");
data/uwsgi-2.0.19.1/core/ssl.c:310:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ciphers && strlen(ciphers) > 0) {
data/uwsgi-2.0.19.1/core/ssl.c:322:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SSL_CTX_set_session_id_context(ctx, (unsigned char *) name, strlen(name));
data/uwsgi-2.0.19.1/core/ssl.c:335:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi.ssl_tmp_dir && !uwsgi_starts_with(client_ca, strlen(client_ca), "-----BEGIN ", 11)) {
data/uwsgi-2.0.19.1/core/ssl.c:340:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
client_ca = uwsgi_write_pem_to_file(name, client_ca, strlen(client_ca), ".ca");
data/uwsgi-2.0.19.1/core/ssl.c:531:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *filename = uwsgi_concat4n(base, strlen(base), "/", 1, key, keylen, ".pem\0", 5);
data/uwsgi-2.0.19.1/core/ssl.c:533:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(base) + 1; i < (strlen(base) + 1) + keylen; i++) {
data/uwsgi-2.0.19.1/core/ssl.c:533:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(base) + 1; i < (strlen(base) + 1) + keylen; i++) {
data/uwsgi-2.0.19.1/core/static.c:620:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
real_filename_len = strlen(real_filename);
data/uwsgi-2.0.19.1/core/stats.c:451:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(interesting_fd, buf, 4096);
data/uwsgi-2.0.19.1/core/stats.c:556:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escape_json(var, strlen(var), escaped_var);
data/uwsgi-2.0.19.1/core/storage.c:26:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/uwsgi-2.0.19.1/core/strings.c:190:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(one) + strlen(two) + 1;
data/uwsgi-2.0.19.1/core/strings.c:190:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(one) + strlen(two) + 1;
data/uwsgi-2.0.19.1/core/strings.c:196:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf, one, strlen(one));
data/uwsgi-2.0.19.1/core/strings.c:197:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one), two, strlen(two));
data/uwsgi-2.0.19.1/core/strings.c:197:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one), two, strlen(two));
data/uwsgi-2.0.19.1/core/strings.c:206:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(one) + strlen(two) + strlen(three) + strlen(four) + 1;
data/uwsgi-2.0.19.1/core/strings.c:206:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(one) + strlen(two) + strlen(three) + strlen(four) + 1;
data/uwsgi-2.0.19.1/core/strings.c:206:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(one) + strlen(two) + strlen(three) + strlen(four) + 1;
data/uwsgi-2.0.19.1/core/strings.c:206:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(one) + strlen(two) + strlen(three) + strlen(four) + 1;
data/uwsgi-2.0.19.1/core/strings.c:212:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf, one, strlen(one));
data/uwsgi-2.0.19.1/core/strings.c:213:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one), two, strlen(two));
data/uwsgi-2.0.19.1/core/strings.c:213:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one), two, strlen(two));
data/uwsgi-2.0.19.1/core/strings.c:214:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one) + strlen(two), three, strlen(three));
data/uwsgi-2.0.19.1/core/strings.c:214:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one) + strlen(two), three, strlen(three));
data/uwsgi-2.0.19.1/core/strings.c:214:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one) + strlen(two), three, strlen(three));
data/uwsgi-2.0.19.1/core/strings.c:215:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one) + strlen(two) + strlen(three), four, strlen(four));
data/uwsgi-2.0.19.1/core/strings.c:215:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one) + strlen(two) + strlen(three), four, strlen(four));
data/uwsgi-2.0.19.1/core/strings.c:215:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one) + strlen(two) + strlen(three), four, strlen(four));
data/uwsgi-2.0.19.1/core/strings.c:215:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one) + strlen(two) + strlen(three), four, strlen(four));
data/uwsgi-2.0.19.1/core/strings.c:225:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(one) + strlen(two) + strlen(three) + 1;
data/uwsgi-2.0.19.1/core/strings.c:225:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(one) + strlen(two) + strlen(three) + 1;
data/uwsgi-2.0.19.1/core/strings.c:225:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(one) + strlen(two) + strlen(three) + 1;
data/uwsgi-2.0.19.1/core/strings.c:231:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf, one, strlen(one));
data/uwsgi-2.0.19.1/core/strings.c:232:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one), two, strlen(two));
data/uwsgi-2.0.19.1/core/strings.c:232:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one), two, strlen(two));
data/uwsgi-2.0.19.1/core/strings.c:233:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one) + strlen(two), three, strlen(three));
data/uwsgi-2.0.19.1/core/strings.c:233:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one) + strlen(two), three, strlen(three));
data/uwsgi-2.0.19.1/core/strings.c:233:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + strlen(one) + strlen(two), three, strlen(three));
data/uwsgi-2.0.19.1/core/strings.c:322:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += (int) strlen(item);
data/uwsgi-2.0.19.1/core/strings.c:341:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + len, item, strlen(item));
data/uwsgi-2.0.19.1/core/strings.c:342:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(item);
data/uwsgi-2.0.19.1/core/subscription.c:654:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(un_addr.sun_path, host, 102);
data/uwsgi-2.0.19.1/core/subscription.c:680:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append_keyval(ub, "address", 7, socket_name, strlen(socket_name)))
data/uwsgi-2.0.19.1/core/subscription.c:704:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append_keyval(ub, "sni_key", 7, sni_key, strlen(sni_key)))
data/uwsgi-2.0.19.1/core/subscription.c:709:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append_keyval(ub, "sni_crt", 7, sni_crt, strlen(sni_crt)))
data/uwsgi-2.0.19.1/core/subscription.c:714:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append_keyval(ub, "sni_ca", 6, sni_ca, strlen(sni_ca)))
data/uwsgi-2.0.19.1/core/subscription.c:719:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append_keyval(ub, "notify", 6, uwsgi.subscription_notify_socket, strlen(uwsgi.subscription_notify_socket)))
data/uwsgi-2.0.19.1/core/subscription.c:723:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append_keyval(ub, "notify", 6, uwsgi.notify_socket, strlen(uwsgi.notify_socket)))
data/uwsgi-2.0.19.1/core/subscription.c:891:6: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/core/subscription.c:895:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal)
data/uwsgi-2.0.19.1/core/subscription.c:911:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/subscription.c:922:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/subscription.c:943:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modifier1_len = strlen(modifier1);
data/uwsgi-2.0.19.1/core/subscription.c:944:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keysize = strlen(key);
data/uwsgi-2.0.19.1/core/subscription.c:961:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modifier1_len = strlen(modifier1);
data/uwsgi-2.0.19.1/core/subscription.c:962:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keysize = strlen(key);
data/uwsgi-2.0.19.1/core/subscription.c:990:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modifier1_len = strlen(modifier1);
data/uwsgi-2.0.19.1/core/subscription.c:993:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_send_subscription(udp_address, subscription_key + 1, strlen(subscription_key + 1), uwsgi_str_num(modifier1, modifier1_len), 0, cmd, socket_name, sign, NULL, NULL, NULL);
data/uwsgi-2.0.19.1/core/subscription.c:1001:6: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/uwsgi-2.0.19.1/core/subscription.c:1022:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(arg, strlen(arg), ',', '=', "server", &s2_server, "key", &s2_key, "socket", &s2_socket, "addr", &s2_addr, "weight", &s2_weight, "modifier1", &s2_modifier1, "modifier2", &s2_modifier2, "sign", &s2_sign, "check", &s2_check, "sni_key", &s2_sni_key, "sni_crt", &s2_sni_crt, "sni_ca", &s2_sni_ca, NULL)) {
data/uwsgi-2.0.19.1/core/subscription.c:1059:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_send_subscription(s2_server, s2_key, strlen(s2_key), modifier1, modifier2, cmd, s2_addr, s2_sign, s2_sni_key, s2_sni_crt, s2_sni_ca);
data/uwsgi-2.0.19.1/core/utils.c:162:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/uwsgi-2.0.19.1/core/utils.c:484:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/core/utils.c:491:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/core/utils.c:623:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
space += 1 + strlen(arg);
data/uwsgi-2.0.19.1/core/utils.c:1269:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uwsgi.ksm_mappings_current_size = read(fd, uwsgi.ksm_mappings_current, uwsgi.ksm_buffer_size);
data/uwsgi-2.0.19.1/core/utils.c:1330:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/uwsgi-2.0.19.1/core/utils.c:1597:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(src); i++) {
data/uwsgi-2.0.19.1/core/utils.c:1612:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst[strlen(src)] = 0;
data/uwsgi-2.0.19.1/core/utils.c:1623:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
earg = uwsgi_malloc(strlen(*uenvs + 6) + 1);
data/uwsgi-2.0.19.1/core/utils.c:1722:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(src);
data/uwsgi-2.0.19.1/core/utils.c:1723:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t wlen = strlen(what);
data/uwsgi-2.0.19.1/core/utils.c:1724:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t with_len = strlen(with);
data/uwsgi-2.0.19.1/core/utils.c:1752:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(dst_ptr, strlen(ptr) + 1, "%s", ptr);
data/uwsgi-2.0.19.1/core/utils.c:1855:101: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
magic_buf = uwsgi_concat3n(old_magic_buf, magic_len, magic_table[(unsigned char) buffer[i + 1]], strlen(magic_table[(unsigned char) buffer[i + 1]]), buffer + i + 2, len - i);
data/uwsgi-2.0.19.1/core/utils.c:1857:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
magic_len += strlen(magic_table[(unsigned char) buffer[i + 1]]);
data/uwsgi-2.0.19.1/core/utils.c:1886:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(what);
data/uwsgi-2.0.19.1/core/utils.c:1960:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(what); i++) {
data/uwsgi-2.0.19.1/core/utils.c:2294:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_string->len = strlen(value);
data/uwsgi-2.0.19.1/core/utils.c:2341:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !uwsgi_regexp_match(regexp, regexp_extra, str, strlen(str));
data/uwsgi-2.0.19.1/core/utils.c:2598:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t str1len = strlen(str1);
data/uwsgi-2.0.19.1/core/utils.c:2599:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t str2len = strlen(str2);
data/uwsgi-2.0.19.1/core/utils.c:3040:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < (int) strlen(uwsgi.exported_opts[i]->value); j++) {
data/uwsgi-2.0.19.1/core/utils.c:3076:145: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi.exported_opts[i]->value = uwsgi_concat4n(uwsgi.exported_opts[i]->value, (magic_key - 2) - uwsgi.exported_opts[i]->value, magic_val, strlen(magic_val), magic_key + (has_symbol - 1), strlen(magic_key + (has_symbol - 1)), "", 0);
data/uwsgi-2.0.19.1/core/utils.c:3076:194: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi.exported_opts[i]->value = uwsgi_concat4n(uwsgi.exported_opts[i]->value, (magic_key - 2) - uwsgi.exported_opts[i]->value, magic_val, strlen(magic_val), magic_key + (has_symbol - 1), strlen(magic_key + (has_symbol - 1)), "", 0);
data/uwsgi-2.0.19.1/core/utils.c:3106:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
amount += strlen(uwsgi.procname_prefix);
data/uwsgi-2.0.19.1/core/utils.c:3109:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(uwsgi.orig_argv[0], uwsgi.procname_prefix, uwsgi.max_procname - (amount + 1));
data/uwsgi-2.0.19.1/core/utils.c:3112:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
amount += strlen(name);
data/uwsgi-2.0.19.1/core/utils.c:3115:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(uwsgi.orig_argv[0], name, (uwsgi.max_procname - amount + 1));
data/uwsgi-2.0.19.1/core/utils.c:3118:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
amount += strlen(uwsgi.procname_append);
data/uwsgi-2.0.19.1/core/utils.c:3121:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(uwsgi.orig_argv[0], uwsgi.procname_append, uwsgi.max_procname - (amount + 1));
data/uwsgi-2.0.19.1/core/utils.c:3448:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wi->mountpoint, mountpoint, wi->mountpoint_len);
data/uwsgi-2.0.19.1/core/utils.c:3520:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t slen = (ssize_t) strlen(str), i;
data/uwsgi-2.0.19.1/core/utils.c:3537:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t slen = (ssize_t) strlen(str), i;
data/uwsgi-2.0.19.1/core/utils.c:3915:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(usl->value);
data/uwsgi-2.0.19.1/core/utils.c:3973:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, 4096) <= 0)
data/uwsgi-2.0.19.1/core/utils.c:4023:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(src);
data/uwsgi-2.0.19.1/core/utils.c:4059:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &r[i], 4) != 4) {
data/uwsgi-2.0.19.1/core/utils.c:4420:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(content);
data/uwsgi-2.0.19.1/core/utils.c:4521:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(value) < 3) {
data/uwsgi-2.0.19.1/core/utils.c:4526:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(value) == 3) {
data/uwsgi-2.0.19.1/core/uwsgi.c:1069:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullname = uwsgi_expand_path(filename, strlen(filename), NULL);
data/uwsgi-2.0.19.1/core/uwsgi.c:1073:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *minimal_name = uwsgi_malloc(strlen(fullname) + 1);
data/uwsgi-2.0.19.1/core/uwsgi.c:1074:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(minimal_name, fullname, strlen(fullname));
data/uwsgi-2.0.19.1/core/uwsgi.c:1075:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
minimal_name[strlen(fullname)] = 0;
data/uwsgi-2.0.19.1/core/uwsgi.c:1084:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t hash = djb33x_hash(magic_table['p'], strlen(magic_table['p']));
data/uwsgi-2.0.19.1/core/uwsgi.c:1097:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (magic_table['d'][strlen(magic_table['d']) - 1] == '/') {
data/uwsgi-2.0.19.1/core/uwsgi.c:1098:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = magic_table['d'] + (strlen(magic_table['d']) - 1);
data/uwsgi-2.0.19.1/core/uwsgi.c:1123:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (magic_table['c'][strlen(magic_table['c']) - 1] == '/') {
data/uwsgi-2.0.19.1/core/uwsgi.c:1124:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
magic_table['c'][strlen(magic_table['c']) - 1] = 0;
data/uwsgi-2.0.19.1/core/uwsgi.c:1761:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi.max_procname += strlen(argv[i]) + 1;
data/uwsgi-2.0.19.1/core/uwsgi.c:1774:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi.max_procname += strlen(environ[i]) + 1;
data/uwsgi-2.0.19.1/core/uwsgi.c:1842:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_buffer_append(ub, bt_strings[i], strlen(bt_strings[i]));
data/uwsgi-2.0.19.1/core/uwsgi.c:2195:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi.hostname_len = strlen(uwsgi.hostname);
data/uwsgi-2.0.19.1/core/uwsgi.c:3742:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(uwsgi.short_options, &shortcut, 1);
data/uwsgi-2.0.19.1/core/uwsgi.c:3747:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(uwsgi.short_options, ":");
data/uwsgi-2.0.19.1/core/uwsgi.c:3769:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(op->name) > max_size) {
data/uwsgi-2.0.19.1/core/uwsgi.c:3770:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_size = strlen(op->name);
data/uwsgi-2.0.19.1/core/uwsgi.c:4213:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_sock->name_len = strlen(uwsgi_sock->name);
data/uwsgi-2.0.19.1/core/uwsgi.c:4246:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_sock->name_len = strlen(uwsgi_sock->name);
data/uwsgi-2.0.19.1/core/uwsgi.c:4264:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_sock->name_len = strlen(uwsgi_sock->name);
data/uwsgi-2.0.19.1/core/uwsgi.c:4326:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(mask);
data/uwsgi-2.0.19.1/core/uwsgi.c:4432:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_dyn_dict_new(&uwsgi.check_static, value, strlen(value), NULL, 0);
data/uwsgi-2.0.19.1/core/uwsgi.c:4441:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) {
data/uwsgi-2.0.19.1/core/uwsgi.c:4448:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_dyn_dict_new(udd, value, equal - value, equal + 1, strlen(equal + 1));
data/uwsgi-2.0.19.1/core/uwsgi.c:4463:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_dyn_dict *new_udd = uwsgi_dyn_dict_new(udd, value, space - value, space + 1, strlen(space + 1));
data/uwsgi-2.0.19.1/core/uwsgi.c:4509:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_dyn_dict_new(maps, mountpoint, strlen(mountpoint), docroot, strlen(docroot));
data/uwsgi-2.0.19.1/core/uwsgi.c:4509:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_dyn_dict_new(maps, mountpoint, strlen(mountpoint), docroot, strlen(docroot));
data/uwsgi-2.0.19.1/core/uwsgi.c:4589:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(value) == 1 && *value == '1') {
data/uwsgi-2.0.19.1/core/uwsgi.c:4592:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(value) != 3) {
data/uwsgi-2.0.19.1/core/uwsgi.c:4614:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(value) != 3) {
data/uwsgi-2.0.19.1/core/uwsgi.c:4764:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) {
data/uwsgi-2.0.19.1/core/uwsgi.c:4836:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(src);
data/uwsgi-2.0.19.1/core/uwsgi.c:4872:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(src);
data/uwsgi-2.0.19.1/core/uwsgi.c:4922:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, buf, 8192);
data/uwsgi-2.0.19.1/core/yaml.c:18:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(line) - 1; i >= 0; i--) {
data/uwsgi-2.0.19.1/core/yaml.c:32:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(line); i++) {
data/uwsgi-2.0.19.1/core/yaml.c:49:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(line); i++) {
data/uwsgi-2.0.19.1/lib/linux_ns.c:33:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_startswith(usl->value, uwsgi.ns, strlen(uwsgi.ns))) {
data/uwsgi-2.0.19.1/lib/linux_ns.c:34:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *skipped = usl->value + strlen(uwsgi.ns);
data/uwsgi-2.0.19.1/lib/linux_ns.c:35:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi.ns[strlen(uwsgi.ns)-1] == '/') {
data/uwsgi-2.0.19.1/lib/linux_ns.c:144:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sethostname(ns_hostname, strlen(ns_hostname))) {
data/uwsgi-2.0.19.1/lib/linux_ns.c:211:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_startswith(destination, uwsgi.ns, strlen(uwsgi.ns))) {
data/uwsgi-2.0.19.1/lib/linux_ns.c:212:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi.ns[strlen(uwsgi.ns)-1] == '/') {
data/uwsgi-2.0.19.1/lib/linux_ns.c:213:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
destination += strlen(uwsgi.ns)-1;
data/uwsgi-2.0.19.1/lib/linux_ns.c:216:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
destination += strlen(uwsgi.ns);
data/uwsgi-2.0.19.1/lib/netlink.c:325:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rta->rta_len = RTA_LENGTH(strlen(veth1));
data/uwsgi-2.0.19.1/lib/netlink.c:326:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(RTA_DATA(rta), veth1, strlen(veth1));
data/uwsgi-2.0.19.1/lib/netlink.c:336:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rta->rta_len = RTA_LENGTH(strlen(veth0));
data/uwsgi-2.0.19.1/lib/netlink.c:337:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(RTA_DATA(rta), veth0, strlen(veth0));
data/uwsgi-2.0.19.1/plugins/airbrake/airbrake_plugin.c:49:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) {
data/uwsgi-2.0.19.1/plugins/airbrake/airbrake_plugin.c:173:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(n+1)) {
data/uwsgi-2.0.19.1/plugins/airbrake/airbrake_plugin.c:250:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(ut->pipe[1], ut->buf, uwsgi.log_master_bufsize);
data/uwsgi-2.0.19.1/plugins/airbrake/airbrake_plugin.c:262:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, strlen(notice));
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:95:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal || !uacc->url) {
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:150:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uacc->to) required += 4 + strlen(uacc->to) + 2;
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:151:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uacc->subject) required += 9 + strlen(uacc->subject) + 2;
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:161:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(addr, uacc->to, strlen(uacc->to)); addr += strlen(uacc->to);
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:161:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(addr, uacc->to, strlen(uacc->to)); addr += strlen(uacc->to);
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:168:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(addr, uacc->subject, strlen(uacc->subject)); addr += strlen(uacc->subject);
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:168:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(addr, uacc->subject, strlen(uacc->subject)); addr += strlen(uacc->subject);
data/uwsgi-2.0.19.1/plugins/alarm_curl/alarm_curl_plugin.c:244:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(ut->pipe[1], ut->buf, uwsgi.log_master_bufsize);
data/uwsgi-2.0.19.1/plugins/alarm_xmpp/gloox.cc:150:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(ut->pipe[1], ut->buf, uwsgi.log_master_bufsize);
data/uwsgi-2.0.19.1/plugins/carbon/carbon.c:107:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(u_carbon.root_node) && !uwsgi_endswith(u_carbon.root_node, ".")) {
data/uwsgi-2.0.19.1/plugins/carbon/carbon.c:118:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<(int)strlen(u_carbon.id);i++) {
data/uwsgi-2.0.19.1/plugins/carbon/carbon.c:125:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<(int)strlen(u_carbon.hostname);i++) {
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:31:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_dyn_dict_new(&uc.mountpoint, value, strlen(value), NULL, 0);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:34:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_dyn_dict_new(&uc.mountpoint, value, val-value, val+1, strlen(val+1));
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:45:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_dyn_dict_new(&uc.helpers, value, val-value, val+1, strlen(val+1));
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:95:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
udd->vallen = strlen(udd->value);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:117:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
udd->keylen = strlen(udd->key);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:180:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(filename);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:509:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
docroot_len = strlen(docroot);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:537:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_path_len = strlen(tmp_path);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:605:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_path_len = strlen(full_path);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:873:102: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setenv("SCRIPT_NAME", uwsgi_concat2n(wsgi_req->path_info, discard_base, full_path+docroot_len, strlen(full_path+docroot_len)), 1)) {
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:921:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint16_t arg_copy_len = strlen(p);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:933:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_starts_with(helper, strlen(helper), "sym://", 6)) {
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:1045:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(space+1);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:1047:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data2_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/cgi/cgi_plugin.c:1053:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:155:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ucr->base_len = strlen(ucr->base);
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:162:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ucr->pattern_len = strlen(ucr->pattern);
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:263:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr->fallback_key_len = strlen(value);
data/uwsgi-2.0.19.1/plugins/corerouter/corerouter.c:717:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ucr->to_socket->name_len = strlen(ucr->to_socket->name);
data/uwsgi-2.0.19.1/plugins/corerouter/cr.h:50:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define cr_read(peer, f) read(peer->fd, peer->in->buf + peer->in->pos, peer->in->len - peer->in->pos);\
data/uwsgi-2.0.19.1/plugins/corerouter/cr.h:59:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define cr_read_exact(peer, l, f) read(peer->fd, peer->in->buf + peer->in->pos, (l - peer->in->pos));\
data/uwsgi-2.0.19.1/plugins/corerouter/cr_common.c:52:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ugs->port_len = strlen(ugs->port);
data/uwsgi-2.0.19.1/plugins/corerouter/cr_common.c:68:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ugs->port_len = strlen(ugs->port);
data/uwsgi-2.0.19.1/plugins/corerouter/cr_map.c:126:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
peer->instance_address_len = strlen(peer->instance_address);
data/uwsgi-2.0.19.1/plugins/dumbloop/dumb.c:39:121: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi.p[dumbloop_modifier1]->code_string("uwsgi_dumbloop", dumbloop_code, dumbloop_function, str_core, strlen(str_core));
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:204:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t size = 4 + 2 + (1 +strlen(exchange)) + (1 +strlen(exchange_type)) + 1 + 4;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:204:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t size = 4 + 2 + (1 +strlen(exchange)) + (1 +strlen(exchange_type)) + 1 + 4;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:205:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t shortsize = strlen(exchange) ;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:224:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortsize = strlen(exchange_type);
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:242:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t size = 4 + 2 + (1 +strlen(queue)) + (1 +strlen(exchange)) + 1 + 1 + 4;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:242:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t size = 4 + 2 + (1 +strlen(queue)) + (1 +strlen(exchange)) + 1 + 1 + 4;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:243:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t shortsize = strlen(queue) ;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:262:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortsize = strlen(exchange);
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:283:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t size = 4 + 2 + (1 +strlen(queue)) + 1 + 1 + 4;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:284:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t shortsize = strlen(queue) ;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:530:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t shortsize = strlen(vhost);
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:531:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t size = 4 + 1 +strlen(vhost) + 2;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:543:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
amqp_send(fd, vhost, strlen(vhost));
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:586:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t size = 4 + 2 + (1 +strlen(queue)) + 1 + 4;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:587:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t shortsize = strlen(queue) ;
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:628:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t size = 4 + 4 + (1 +strlen(mech)) + (4 + sasl_response_size) + (1 + strlen(locale));
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:628:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t size = 4 + 4 + (1 +strlen(mech)) + (4 + sasl_response_size) + (1 + strlen(locale));
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:644:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortsize = strlen(mech);
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:646:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
amqp_send(fd, mech, strlen(mech));
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:654:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shortsize = strlen(locale);
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:656:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
amqp_send(fd, locale, strlen(locale));
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:667:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *auth = uwsgi_concat4n("\0",1, username, strlen(username), "\0",1, password, strlen(password));
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:667:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *auth = uwsgi_concat4n("\0",1, username, strlen(username), "\0",1, password, strlen(password));
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:680:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (amqp_send_connection_start_ok(fd, "PLAIN", auth, strlen(username)+strlen(password)+2, "en_US") < 0) {
data/uwsgi-2.0.19.1/plugins/emperor_amqp/amqp.c:680:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (amqp_send_connection_start_ok(fd, "PLAIN", auth, strlen(username)+strlen(password)+2, "en_US") < 0) {
data/uwsgi-2.0.19.1/plugins/emperor_mongodb/emperor_mongodb.cc:51:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) == 0) continue;
data/uwsgi-2.0.19.1/plugins/emperor_mongodb/emperor_mongodb.cc:54:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(config) == 0) config = NULL;
data/uwsgi-2.0.19.1/plugins/emperor_mongodb/emperor_mongodb.cc:76:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(socket_name) == 0) socket_name = NULL;
data/uwsgi-2.0.19.1/plugins/emperor_mongodb/emperor_mongodb.cc:116:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t arg_len = strlen(ues->arg);
data/uwsgi-2.0.19.1/plugins/emperor_mongodb/emperor_mongodb.cc:143:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t arg_len = strlen(ues->arg);
data/uwsgi-2.0.19.1/plugins/emperor_mongodb/emperor_mongodb.cc:153:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(args, strlen(args), ',', '=',
data/uwsgi-2.0.19.1/plugins/emperor_pg/emperor_pg.c:54:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ts);
data/uwsgi-2.0.19.1/plugins/emperor_pg/emperor_pg.c:68:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vassal_uid = uwsgi_str_num(q_uid, strlen(q_uid));
data/uwsgi-2.0.19.1/plugins/emperor_pg/emperor_pg.c:69:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vassal_gid = uwsgi_str_num(q_gid, strlen(q_gid));
data/uwsgi-2.0.19.1/plugins/fastrouter/fastrouter.c:99:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(peer->session->client_address, val, vallen);
data/uwsgi-2.0.19.1/plugins/fastrouter/fastrouter.c:106:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(peer->session->client_port, val, vallen);
data/uwsgi-2.0.19.1/plugins/fastrouter/fastrouter.c:272:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(main_peer->fd, buf, UMIN(32768, remains));
data/uwsgi-2.0.19.1/plugins/geoip/geoip.c:69:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(value);
data/uwsgi-2.0.19.1/plugins/geoip/geoip.c:123:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(value);
data/uwsgi-2.0.19.1/plugins/glusterfs/glusterfs.c:187:95: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_app *ua = uwsgi_add_app(id, glusterfs_plugin.modifier1, ugfs_mountpoint, strlen(ugfs_mountpoint), volume, ugfs_server);
data/uwsgi-2.0.19.1/plugins/gridfs/gridfs.cc:167:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ugm->mountpoint_len = strlen(ugm->mountpoint);
data/uwsgi-2.0.19.1/plugins/gridfs/gridfs.cc:181:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ugm->prefix_len = strlen(ugm->prefix);
data/uwsgi-2.0.19.1/plugins/gridfs/gridfs.cc:185:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ugm->itemname_len = strlen(ugm->itemname);
data/uwsgi-2.0.19.1/plugins/gridfs/gridfs.cc:279:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/http/http.c:383:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append_keyval(out, "REMOTE_ADDR", 11, peer->session->client_address, strlen(peer->session->client_address))) return -1;
data/uwsgi-2.0.19.1/plugins/http/http.c:384:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append_keyval(out, "REMOTE_PORT", 11, peer->session->client_port, strlen(peer->session->client_port))) return -1;
data/uwsgi-2.0.19.1/plugins/http/http.c:462:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/plugins/http/http.c:463:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append_keyval(out, hv->value, equal - hv->value, equal + 1, strlen(equal + 1))) return -1;
data/uwsgi-2.0.19.1/plugins/http/http.c:944:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(main_peer->fd, hr->stud_prefix + hr->stud_prefix_pos, hr->stud_prefix_remains - hr->stud_prefix_pos);
data/uwsgi-2.0.19.1/plugins/http/https.c:81:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(value, strlen(value), ',', '=',
data/uwsgi-2.0.19.1/plugins/http/https.c:183:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (servername && strlen(servername) <= 0xff) {
data/uwsgi-2.0.19.1/plugins/http/https.c:184:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
peer->key_len = strlen(servername);
data/uwsgi-2.0.19.1/plugins/http/https.c:201:103: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append_keyval(out, "HTTPS_DN", 8, hr->ssl_client_dn, strlen(hr->ssl_client_dn))) return -1;
data/uwsgi-2.0.19.1/plugins/http/https.c:273:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(peer->in,cs->ugs->ctx, strlen(cs->ugs->ctx))) return -1;
data/uwsgi-2.0.19.1/plugins/http/spdy3.c:819:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen((const char *) *data);
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:43:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(ldapname); i++) {
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:60:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(name); i++) {
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:66:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(name) + counter;
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:87:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(src); i++) {
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:97:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dst, "'");
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:186:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_log("%.*s $ ", strlen(p) - 2, p + 1);
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:232:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_log("%.*s $ ", strlen(p) - 2, p + 1);
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:420:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bval.bv_len = strlen(bval.bv_val);
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:434:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *filter = uwsgi_malloc( strlen(ulc->login_attr) + (colon-auth) + strlen(ulc->filter) + 7);
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:434:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *filter = uwsgi_malloc( strlen(ulc->login_attr) + (colon-auth) + strlen(ulc->filter) + 7);
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:469:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bval.bv_len = strlen(bval.bv_val);
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:551:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/ldap/ldap.c:560:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(comma+1, strlen(comma+1), ';', '=',
data/uwsgi-2.0.19.1/plugins/libffi/libffi.c:23:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char **argv = uwsgi_split_quoted(arg, strlen(arg), " \t", &argc);
data/uwsgi-2.0.19.1/plugins/libtcc/libtcc.c:8:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t func_len = strlen(func_base) + sizeof(UMAX64_STR);
data/uwsgi-2.0.19.1/plugins/libtcc/libtcc.c:11:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret < (int) strlen(func_base) || ret >= (int) func_len) {
data/uwsgi-2.0.19.1/plugins/libtcc/libtcc.c:16:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t source_len = 64 + func_len + strlen(arg);
data/uwsgi-2.0.19.1/plugins/libtcc/libtcc.c:19:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret < (int) ( strlen(func_base) + strlen(arg)) || ret >= (int) (source_len)) {
data/uwsgi-2.0.19.1/plugins/libtcc/libtcc.c:19:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret < (int) ( strlen(func_base) + strlen(arg)) || ret >= (int) (source_len)) {
data/uwsgi-2.0.19.1/plugins/logcrypto/logcrypto.c:49:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t s_len = strlen(uclc->secret);
data/uwsgi-2.0.19.1/plugins/logcrypto/logcrypto.c:60:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_iv_len = strlen(uclc->iv);
data/uwsgi-2.0.19.1/plugins/logcrypto/logcrypto.c:84:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(ul->arg, strlen(ul->arg), ',', '=',
data/uwsgi-2.0.19.1/plugins/logcrypto/logcrypto.c:101:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uclc->prefix_len = strlen(uclc->prefix);
data/uwsgi-2.0.19.1/plugins/logfile/logfile.c:20:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(ul->arg, strlen(ul->arg), ',', '=',
data/uwsgi-2.0.19.1/plugins/logsocket/logsocket_plugin.c:39:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ul->msg.msg_iov[0].iov_len = strlen(ul->data);
data/uwsgi-2.0.19.1/plugins/lua/lua_plugin.c:869:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(lazy+strlen(lazy)-4, ".lua")) {
data/uwsgi-2.0.19.1/plugins/lua/lua_plugin.c:873:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strcmp(lazy+strlen(lazy)-3, ".ws")) {
data/uwsgi-2.0.19.1/plugins/matheval/math.c:36:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/plugins/mongodblog/mongodblog_plugin.c:71:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ums->bson_node_len = strlen(ums->bson_node)+1;
data/uwsgi-2.0.19.1/plugins/mongodblog/mongodblog_plugin.c:85:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ums->iovec[2].iov_len = strlen(ums->collection)+1;
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:40:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(json_val) > 0xffff)
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:44:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*extra_len = strlen(json_val);
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:46:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return proto_base_add_uwsgi_var(wsgi_req, key, keylen, json_val, strlen(json_val));
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:67:95: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "REQUEST_METHOD", 14, json_val, strlen(json_val));
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:94:107: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "PATH_INFO", 9, json_val + script_name_len, strlen(json_val + script_name_len));
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:96:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *request_uri = uwsgi_concat3n(json_val, strlen(json_val), "?", 1, query_string, query_string_len);
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:97:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "REQUEST_URI", 11, request_uri, strlen(json_val) + 1 + query_string_len);
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:101:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "REQUEST_URI", 11, json_val, strlen(json_val));
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:106:107: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "UWSGI_SCHEME", 12, json_val, strlen(json_val));
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:112:94: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "SERVER_PORT", 11, colon + 1, strlen(colon + 1));
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:125:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "REMOTE_ADDR", 11, json_val, strlen(json_val));
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:145:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_header(wsgi_req, json_key, strlen(json_key), json_val, strlen(json_val));
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:145:106: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_header(wsgi_req, json_key, strlen(json_key), json_val, strlen(json_val));
data/uwsgi-2.0.19.1/plugins/mongrel2/mongrel2.c:540:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(fd, tmp_buf, chunk_size);
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:99:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *path = uwsgi_concat3n(app->interpreter, strlen(app->interpreter), "/", 1, wsgi_req->path_info, wsgi_req->path_info_len);
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:100:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t path_len = strlen(app->interpreter) + 1 + wsgi_req->path_info_len;
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:112:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = mono_string_new(mono_domain_get(), index + strlen(app->interpreter));
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:136:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *path = uwsgi_concat3n(app->interpreter, strlen(app->interpreter), "/", 1, mono_string_to_utf8(virtualPath), mono_string_length(virtualPath));
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:137:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MonoString *ret = mono_string_new_len(mono_domain_get(), path, strlen(path));
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:498:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:500:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
physicalDir_len = strlen(physicalDir);
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:503:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mountpoint_len = strlen(mountpoint);
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:580:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *path = uwsgi_concat3n(app->interpreter, strlen(app->interpreter), "/", 1, wsgi_req->path_info, wsgi_req->path_info_len);
data/uwsgi-2.0.19.1/plugins/mono/mono_plugin.c:581:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t path_len = strlen(app->interpreter) + 1 + wsgi_req->path_info_len;
data/uwsgi-2.0.19.1/plugins/msgpack/msgpack.c:209:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_umi->str_len = strlen(colon+1);
data/uwsgi-2.0.19.1/plugins/msgpack/msgpack.c:219:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_umi->str_len = strlen(colon+1);
data/uwsgi-2.0.19.1/plugins/msgpack/msgpack.c:254:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_umi->str_len = strlen(colon+1);
data/uwsgi-2.0.19.1/plugins/msgpack/msgpack.c:266:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_buffer *ub = uwsgi_buffer_new(len + strlen(ule->args));
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:121:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_response_prepare_headers(wsgi_req, sl + 9 , strlen(sl + 9)))
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:182:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uphp.server_software_len) uphp.server_software_len = strlen(uphp.server_software);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:221:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:223:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
equal+1, strlen(equal+1), track_vars_array TSRMLS_CC);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:245:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_sapi_module.ini_entries = realloc(uwsgi_sapi_module.ini_entries, uphp.ini_size + strlen(opt)+2);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:246:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uwsgi_sapi_module.ini_entries + uphp.ini_size, opt, strlen(opt));
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:248:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uphp.ini_size += strlen(opt)+1;
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:259:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:711:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uphp.docroot = uwsgi_expand_path(uphp.docroot, strlen(uphp.docroot), NULL);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:717:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uphp.docroot_len = strlen(uphp.docroot);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:831:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->document_root_len = strlen(wsgi_req->document_root);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:849:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t app_qs_len = strlen(uphp.app_qs);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:886:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = uwsgi_concat2n(wsgi_req->document_root, strlen(wsgi_req->document_root),
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:887:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uphp.fallback2, strlen(uphp.fallback2));
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:889:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->script_name_len = strlen(uphp.fallback2);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:893:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fqs_len = strlen(uphp.fallback_qs);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:935:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
real_filename_len = strlen(real_filename);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:999:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
real_filename_len = strlen(real_filename);
data/uwsgi-2.0.19.1/plugins/php/php_plugin.c:1022:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->file_len = strlen(wsgi_req->file);
data/uwsgi-2.0.19.1/plugins/php/session.c:18:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *value = uwsgi_cache_magic_get((char *)key, strlen((char *)key), &valsize, NULL, cache);
data/uwsgi-2.0.19.1/plugins/php/session.c:44:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_cache_magic_set((char *)key, strlen(key), (char *)val, vallen, 0, UWSGI_CACHE_FLAG_UPDATE, cache)) {
data/uwsgi-2.0.19.1/plugins/php/session.c:59:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_cache_magic_del((char *)key, strlen(key), cache)) {
data/uwsgi-2.0.19.1/plugins/ping/ping_plugin.c:76:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(uwsgi.shared->warning_message);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c:280:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hv_exists(_opts, uwsgi.exported_opts[i]->key, strlen(uwsgi.exported_opts[i]->key))) {
data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c:281:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SV **value = hv_fetch(_opts, uwsgi.exported_opts[i]->key, strlen(uwsgi.exported_opts[i]->key), 0);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c:304:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void ) hv_store(_opts, uwsgi.exported_opts[i]->key, strlen(uwsgi.exported_opts[i]->key), newRV_inc((SV *) _opt_a), 0);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c:309:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void )hv_store(_opts, uwsgi.exported_opts[i]->key, strlen(uwsgi.exported_opts[i]->key), newSViv(1), 0);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c:312:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)hv_store(_opts, uwsgi.exported_opts[i]->key, strlen(uwsgi.exported_opts[i]->key), newSVpv(uwsgi.exported_opts[i]->value, 0), 0);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_loader.c:577:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
init_psgi_app(NULL, uperl.psgi, strlen(uperl.psgi), uperl.main);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_plugin.c:713:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(lazy+strlen(lazy)-5, ".psgi")) {
data/uwsgi-2.0.19.1/plugins/psgi/psgi_plugin.c:717:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strcmp(lazy+strlen(lazy)-3, ".pl")) {
data/uwsgi-2.0.19.1/plugins/psgi/psgi_plugin.c:752:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi.wsgi_req->appid_len = strlen(mountpoint);
data/uwsgi-2.0.19.1/plugins/psgi/psgi_plugin.c:754:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return init_psgi_app(uwsgi.wsgi_req, app, strlen(app), NULL);
data/uwsgi-2.0.19.1/plugins/psgi/uwsgi_plmodule.c:959:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ST(0) = newSVpv(filename, strlen(filename));
data/uwsgi-2.0.19.1/plugins/pty/pty.c:139:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(upty.original_input, buf, 8192);
data/uwsgi-2.0.19.1/plugins/pty/pty.c:148:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(upty.master_fd, buf, 8192);
data/uwsgi-2.0.19.1/plugins/pty/pty.c:190:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(upc->fd, buf, 8192);
data/uwsgi-2.0.19.1/plugins/pty/pty.c:329:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(0, buf, 8192);
data/uwsgi-2.0.19.1/plugins/pty/pty.c:343:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(upty.server_fd, buf, 8192);
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:100:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wi->mountpoint, wsgi_req->appid, wi->mountpoint_len);
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:104:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wi->chdir, wsgi_req->chdir, wsgi_req->chdir_len < 0xff ? wsgi_req->chdir_len : (0xff-1));
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:188:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wi->touch_reload, wsgi_req->touch_reload, wsgi_req->touch_reload_len);
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:218:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wi->mountpoint_len = strlen(wi->mountpoint) < 0xff ? strlen(wi->mountpoint) : (0xff-1);
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:218:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wi->mountpoint_len = strlen(wi->mountpoint) < 0xff ? strlen(wi->mountpoint) : (0xff-1);
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:219:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wi->mountpoint, tmp_mountpoint, wi->mountpoint_len);
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:385:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->appid_len = strlen(wsgi_req->appid);
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:479:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
module[strlen(module)] = ':';
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:494:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (quick_callable[strlen(quick_callable) -2 ] == '(' && quick_callable[strlen(quick_callable) -1] ==')') {
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:494:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (quick_callable[strlen(quick_callable) -2 ] == '(' && quick_callable[strlen(quick_callable) -1] ==')') {
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:495:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
quick_callable[strlen(quick_callable) -2 ] = 0;
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:497:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
quick_callable[strlen(quick_callable)] = '(';
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:513:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !strcmp(what+strlen(what)-3, ".py") || !strcmp(what+strlen(what)-5, ".wsgi")) {
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:513:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !strcmp(what+strlen(what)-3, ".py") || !strcmp(what+strlen(what)-5, ".wsgi")) {
data/uwsgi-2.0.19.1/plugins/python/pyloader.c:517:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strcmp(what+strlen(what)-4, ".ini")) {
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:228:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(up.home) + 1;
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:257:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wchar_t *pname = uwsgi_calloc(sizeof(wchar_t) * (strlen(program_name)+1));
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:258:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(pname, program_name, strlen(program_name)+1);
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:928:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(lazy + strlen(lazy) - 3, ".py")) {
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:932:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strcmp(lazy + strlen(lazy) - 5, ".wsgi")) {
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:955:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi.wsgi_req->appid_len = strlen(mountpoint);
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:988:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:1508:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = uwsgi_concat2n(mod_filename, strlen(mod_filename)-1, "", 0);
data/uwsgi-2.0.19.1/plugins/python/python_plugin.c:1908:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, buf, 8192);
data/uwsgi-2.0.19.1/plugins/python/pyutils.c:188:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t class_len = strlen(class);
data/uwsgi-2.0.19.1/plugins/python/pyutils.c:224:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msg_len = strlen(msg);
data/uwsgi-2.0.19.1/plugins/python/pyutils.c:327:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wchar_t *pname = uwsgi_calloc(sizeof(wchar_t) * (strlen(argv0)+1));
data/uwsgi-2.0.19.1/plugins/python/pyutils.c:328:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs(pname, argv0, strlen(argv0)+1);
data/uwsgi-2.0.19.1/plugins/python/pyutils.c:366:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wchar_t *wcargv = uwsgi_calloc( sizeof( wchar_t ) * (strlen(py_argv_copy)+1));
data/uwsgi-2.0.19.1/plugins/python/pyutils.c:379:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbstowcs( wcargv, ap, strlen(ap));
data/uwsgi-2.0.19.1/plugins/python/pyutils.c:381:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcargv += strlen(ap) + 1;
data/uwsgi-2.0.19.1/plugins/python/symimporter.c:39:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (prefix[strlen(prefix)-1] == '/') {
data/uwsgi-2.0.19.1/plugins/python/symimporter.c:41:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = base + strlen(prefix);
data/uwsgi-2.0.19.1/plugins/python/symimporter.c:45:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = base + strlen(prefix) + 1;
data/uwsgi-2.0.19.1/plugins/python/symimporter.c:71:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (prefix[strlen(prefix)-1] == '/') {
data/uwsgi-2.0.19.1/plugins/python/symimporter.c:73:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = base + strlen(prefix);
data/uwsgi-2.0.19.1/plugins/python/symimporter.c:77:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = base + strlen(prefix) + 1;
data/uwsgi-2.0.19.1/plugins/python/tracebacker.c:181:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[1].iov_len = strlen(iov[1].iov_base);
data/uwsgi-2.0.19.1/plugins/python/tracebacker.c:196:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[3].iov_len = strlen(iov[3].iov_base);
data/uwsgi-2.0.19.1/plugins/python/tracebacker.c:202:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[5].iov_len = strlen(iov[5].iov_base);
data/uwsgi-2.0.19.1/plugins/python/tracebacker.c:218:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[7].iov_len = strlen(iov[7].iov_base);
data/uwsgi-2.0.19.1/plugins/python/tracebacker.c:247:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[9].iov_len = strlen(iov[9].iov_base);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:656:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(fd, buf, max_size);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:862:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(message);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1392:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(farmpoll[i].fd, message, 65536);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1888:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
abs_path = malloc(strlen(uspool->dir) + 1 + strlen(dp->d_name) + 1);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1888:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
abs_path = malloc(strlen(uspool->dir) + 1 + strlen(dp->d_name) + 1);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1895:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(abs_path, 0, strlen(uspool->dir) + 1 + strlen(dp->d_name) + 1);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1895:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(abs_path, 0, strlen(uspool->dir) + 1 + strlen(dp->d_name) + 1);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1897:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(abs_path, uspool->dir, strlen(uspool->dir));
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1898:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(abs_path + strlen(uspool->dir), "/", 1);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1899:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(abs_path + strlen(uspool->dir) + 1, dp->d_name, strlen(dp->d_name));
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:1899:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(abs_path + strlen(uspool->dir) + 1, dp->d_name, strlen(dp->d_name));
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:2456:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, &uh, 4);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:2469:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buffer, uh.pktsize);
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:3868:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(snmp_community) > 72) {
data/uwsgi-2.0.19.1/plugins/python/uwsgi_pymodule.c:3873:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(uwsgi.shared->snmp_community, snmp_community, strlen(snmp_community) + 1);
data/uwsgi-2.0.19.1/plugins/pyuwsgi/pyuwsgi.c:77:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(orig_argv[0]) + 1;
data/uwsgi-2.0.19.1/plugins/pyuwsgi/pyuwsgi.c:86:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(str) + 1;
data/uwsgi-2.0.19.1/plugins/pyuwsgi/pyuwsgi.c:111:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_argv_ptr += strlen(arg_str) + 1;
data/uwsgi-2.0.19.1/plugins/pyuwsgi/pyuwsgi.c:196:12: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += (wcslen(tmp_orig_argv[j]) + 1) * sizeof(wchar_t);
data/uwsgi-2.0.19.1/plugins/pyuwsgi/pyuwsgi.c:201:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(*env) + 1;
data/uwsgi-2.0.19.1/plugins/pyuwsgi/pyuwsgi.c:209:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strsize = (wcslen(tmp_orig_argv[j]) + 1) * sizeof(wchar_t);
data/uwsgi-2.0.19.1/plugins/pyuwsgi/pyuwsgi.c:212:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data += strlen(orig_argv[j]) + 1;
data/uwsgi-2.0.19.1/plugins/pyuwsgi/pyuwsgi.c:231:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
orig_argv[i + 1] = arg + strlen(arg) + 1;
data/uwsgi-2.0.19.1/plugins/rack/rack_plugin.c:837:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_hash_aset(env, rb_str_new2("SERVER_PORT"), rb_str_new(server_port+1, strlen(server_port+1)));
data/uwsgi-2.0.19.1/plugins/rack/rack_plugin.c:1070:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(lazy+strlen(lazy)-3, ".ru")) {
data/uwsgi-2.0.19.1/plugins/rack/rack_plugin.c:1074:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strcmp(lazy+strlen(lazy)-3, ".rb")) {
data/uwsgi-2.0.19.1/plugins/rados/rados.c:126:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(urio->fds[0], &ack, 1) != 1) {
data/uwsgi-2.0.19.1/plugins/rados/rados.c:184:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(urio->fds[0], &ack, 1) != 1) {
data/uwsgi-2.0.19.1/plugins/rados/rados.c:240:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(urio->fds[0], &ack, 1) != 1) {
data/uwsgi-2.0.19.1/plugins/rados/rados.c:291:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(urio->fds[0], &ack, 1) != 1) {
data/uwsgi-2.0.19.1/plugins/rados/rados.c:406:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_app *ua = uwsgi_add_app(id, rados_plugin.modifier1, urmp->mountpoint, strlen(urmp->mountpoint), NULL, NULL);
data/uwsgi-2.0.19.1/plugins/rawrouter/rawrouter.c:236:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(rr->xclient, cs->client_address, strlen(cs->client_address))) return -1;
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:59:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret2 = read(uredislog->fd, uredislog->response, 8);
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:137:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uredislog->iovec[0].iov_len = strlen(uredislog->command);
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:147:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uredislog->iovec[4].iov_len = strlen(uredislog->prefix);
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:163:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(uredislog->password), (int)strlen(uredislog->password), uredislog->password);
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:163:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(uredislog->password), (int)strlen(uredislog->password), uredislog->password);
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:176:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(uredislog->id), (int)strlen(uredislog->id), uredislog->id);
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:176:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(uredislog->id), (int)strlen(uredislog->id), uredislog->id);
data/uwsgi-2.0.19.1/plugins/redislog/redislog_plugin.c:194:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uredislog->iovec[2].iov_len = strlen(uredislog->msgsize);
data/uwsgi-2.0.19.1/plugins/router_access/router_access.c:71:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_basicauth/router_basicauth.c:20:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uwsgi_sha1(pwd, strlen(pwd), sha1);
data/uwsgi-2.0.19.1/plugins/router_basicauth/router_basicauth.c:55:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t clen = strlen(cpwd);
data/uwsgi-2.0.19.1/plugins/router_basicauth/router_basicauth.c:194:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_basicauth/router_basicauth.c:197:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data2_len = strlen(ur->data2);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:316:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:333:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->key_len = strlen(urcc->key);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:338:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->gzip_len = strlen(urcc->gzip);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:343:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->name_len = strlen(urcc->name);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:356:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->value_len = strlen(urcc->value);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:376:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:394:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->key_len = strlen(urcc->key);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:404:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->content_type_len = strlen(urcc->content_type);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:407:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->content_encoding_len = strlen(urcc->content_encoding);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:423:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:436:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->key_len = strlen(urcc->key);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:440:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->value_len = strlen(urcc->value);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:444:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->name_len = strlen(urcc->name);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:503:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:515:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->key_len = strlen(urcc->key);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:519:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->value_len = strlen(urcc->value);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:523:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->name_len = strlen(urcc->name);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:550:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:564:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->key_len = strlen(urcc->key);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:568:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urcc->var_len = strlen(urcc->var);
data/uwsgi-2.0.19.1/plugins/router_cache/router_cache.c:595:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/uwsgi-2.0.19.1/plugins/router_expires/expires.c:84:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_expires/expires.c:97:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urec->filename_len = strlen(urec->filename);
data/uwsgi-2.0.19.1/plugins/router_expires/expires.c:101:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urec->unixt_len = strlen(urec->unixt);
data/uwsgi-2.0.19.1/plugins/router_expires/expires.c:105:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urec->value_len = strlen(urec->value);
data/uwsgi-2.0.19.1/plugins/router_hash/router_hash.c:107:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_hash/router_hash.c:124:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urhc->key_len = strlen(urhc->key);
data/uwsgi-2.0.19.1/plugins/router_hash/router_hash.c:125:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urhc->var_len = strlen(urhc->var);
data/uwsgi-2.0.19.1/plugins/router_hash/router_hash.c:126:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urhc->items_len = strlen(urhc->items);
data/uwsgi-2.0.19.1/plugins/router_http/router_http.c:106:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_http/router_http.c:111:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(ur->data);
data/uwsgi-2.0.19.1/plugins/router_http/router_http.c:117:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data3_len = strlen(ur->data3);
data/uwsgi-2.0.19.1/plugins/router_http/router_http.c:119:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data2_len = strlen(ur->data2);
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:79:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, expires, strlen(expires))) goto end2;
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:196:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, buf + pos, MEMCACHED_BUFSIZE - pos);
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:199:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
goto read;
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:210:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf + pos, MEMCACHED_BUFSIZE - pos);
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:213:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
goto read;
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:218:1: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read:
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:266:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, buf, UMIN(MEMCACHED_BUFSIZE, response_size));
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:275:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, UMIN(MEMCACHED_BUFSIZE, response_size));
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:301:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:318:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urmc->key_len = strlen(urmc->key);
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:319:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urmc->addr_len = strlen(urmc->addr);
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:322:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urmc->content_type_len = strlen(urmc->content_type);
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:337:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:352:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urmc->key_len = strlen(urmc->key);
data/uwsgi-2.0.19.1/plugins/router_memcached/router_memcached.c:353:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urmc->addr_len = strlen(urmc->addr);
data/uwsgi-2.0.19.1/plugins/router_metrics/plugin.c:49:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_metrics/plugin.c:55:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urmc->value_len = strlen(urmc->value);
data/uwsgi-2.0.19.1/plugins/router_metrics/plugin.c:64:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urmc->name_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_metrics/plugin.c:110:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*vallen = strlen(ret);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:110:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(fd, access_request, access_request_len);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:182:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:200:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urc->realm_len = strlen(urc->realm);
data/uwsgi-2.0.19.1/plugins/router_radius/radius.c:201:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urc->secret_len = strlen(urc->secret);
data/uwsgi-2.0.19.1/plugins/router_redirect/router_redirect.c:56:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_redirect/router_redirect.c:64:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:80:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_num64(ub, strlen(expires))) goto end2;
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:82:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, expires, strlen(expires))) goto end2;
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:195:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, buf + pos, REDIS_BUFSIZE - pos);
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:198:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
goto read;
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:209:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf + pos, REDIS_BUFSIZE - pos);
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:212:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
goto read;
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:217:1: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read:
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:264:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(fd, buf, UMIN(REDIS_BUFSIZE, response_size));
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:273:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, UMIN(REDIS_BUFSIZE, response_size));
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:299:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:316:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urrc->key_len = strlen(urrc->key);
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:317:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urrc->addr_len = strlen(urrc->addr);
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:320:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urrc->content_type_len = strlen(urrc->content_type);
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:335:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:350:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urrc->key_len = strlen(urrc->key);
data/uwsgi-2.0.19.1/plugins/router_redis/router_redis.c:351:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urrc->addr_len = strlen(urrc->addr);
data/uwsgi-2.0.19.1/plugins/router_rewrite/router_rewrite.c:27:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query_string_len = strlen(query_string);
data/uwsgi-2.0.19.1/plugins/router_rewrite/router_rewrite.c:78:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_rewrite/router_rewrite.c:87:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_spnego/router_spnego.c:234:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_static/router_static.c:100:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(fd, buf, UMIN(32768, remains));
data/uwsgi-2.0.19.1/plugins/router_static/router_static.c:267:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_static/router_static.c:279:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/router_static/router_static.c:300:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urfc->filename_len = strlen(urfc->filename);
data/uwsgi-2.0.19.1/plugins/router_static/router_static.c:304:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urfc->content_type_len = strlen(urfc->content_type);
data/uwsgi-2.0.19.1/plugins/router_static/router_static.c:309:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urfc->status_len = strlen(urfc->status);
data/uwsgi-2.0.19.1/plugins/router_uwsgi/router_uwsgi.c:42:108: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_buffer *ub_addr = uwsgi_routing_translate(wsgi_req, ur, *subject, *subject_len, addr, strlen(addr));
data/uwsgi-2.0.19.1/plugins/router_uwsgi/router_uwsgi.c:132:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data2_len = strlen(ur->data2);
data/uwsgi-2.0.19.1/plugins/router_uwsgi/router_uwsgi.c:137:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_header *uh = uwsgi_calloc(sizeof(struct uwsgi_header) + strlen(args) + 1);
data/uwsgi-2.0.19.1/plugins/router_uwsgi/router_uwsgi.c:147:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data2_len = strlen(ur->data2);
data/uwsgi-2.0.19.1/plugins/router_xmldir/router_xmldir.c:68:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_remaining = strlen(in) + 1;
data/uwsgi-2.0.19.1/plugins/router_xmldir/router_xmldir.c:117:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = xrealloc(buf, strlen(buf) + 1);
data/uwsgi-2.0.19.1/plugins/router_xmldir/router_xmldir.c:232:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/rpc/rpc_plugin.c:39:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argvs[*argc] = strlen(argv[*argc]);
data/uwsgi-2.0.19.1/plugins/rpc/rpc_plugin.c:181:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argvs[argc] = strlen(p);
data/uwsgi-2.0.19.1/plugins/rpc/rpc_plugin.c:614:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argvs[ur->custom] = strlen(p);
data/uwsgi-2.0.19.1/plugins/rrdtool/rrdtool.c:81:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dir = uwsgi_expand_path(usl->value, strlen(usl->value), NULL);
data/uwsgi-2.0.19.1/plugins/rrdtool/rrdtool.c:134:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uspi->data = uwsgi_expand_path(uspi->arg, strlen(uspi->arg), NULL);
data/uwsgi-2.0.19.1/plugins/sqlite3/plugin.c:21:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t value_len = strlen(fields[1]) + 1;
data/uwsgi-2.0.19.1/plugins/sqlite3/plugin.c:23:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add_exported_option(uwsgi_strncopy(fields[0], strlen(fields[0])), value, 0);
data/uwsgi-2.0.19.1/plugins/ssi/ssi.c:53:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usc->name_len = strlen(name);
data/uwsgi-2.0.19.1/plugins/ssi/ssi.c:497:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/sslrouter/sslrouter.c:86:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(value, strlen(value), ',', '=',
data/uwsgi-2.0.19.1/plugins/sslrouter/sslrouter.c:298:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (servername && strlen(servername) <= 0xff) {
data/uwsgi-2.0.19.1/plugins/sslrouter/sslrouter.c:299:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
peer->key_len = strlen(servername);
data/uwsgi-2.0.19.1/plugins/stats_pusher_file/plugin.c:14:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(uspi->arg, strlen(uspi->arg), ',', '=', "path", &uspic->path, "separator", &uspic->separator, "freq", &uspic->freq, NULL)) {
data/uwsgi-2.0.19.1/plugins/stats_pusher_file/plugin.c:39:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = write(fd, uspic->separator, strlen(uspic->separator));
data/uwsgi-2.0.19.1/plugins/stats_pusher_file/plugin.c:40:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rlen != (ssize_t) strlen(uspic->separator)) {
data/uwsgi-2.0.19.1/plugins/stats_pusher_mongodb/stats_pusher_mongodb.cc:21:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_kvlist_parse(uspi->arg, strlen(uspi->arg), ',', '=',
data/uwsgi-2.0.19.1/plugins/stats_pusher_socket/plugin.c:58:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sn->prefix_len = strlen(sn->prefix);
data/uwsgi-2.0.19.1/plugins/stats_pusher_statsd/plugin.c:55:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sn->prefix_len = strlen(sn->prefix);
data/uwsgi-2.0.19.1/plugins/symcall/symcall_plugin.c:37:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/plugins/symcall/symcall_plugin.c:49:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct uwsgi_app *ua = uwsgi_add_app(id, symcall_plugin.modifier1, mountpoint, strlen(mountpoint), usl->custom_ptr, NULL);
data/uwsgi-2.0.19.1/plugins/symcall/symcall_plugin.c:51:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) *equal = '=';
data/uwsgi-2.0.19.1/plugins/symcall/symcall_plugin.c:131:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *func_name = uwsgi_concat2n(opt, strlen(opt)-2, "", 0);
data/uwsgi-2.0.19.1/plugins/symcall/symcall_plugin.c:169:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/tornado/tornado.c:10:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
PyObject *read;
data/uwsgi-2.0.19.1/plugins/tornado/tornado.c:75:85: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (PyObject_CallMethod(utornado.ioloop, "add_handler", "iOO", fd, cb_fd, utornado.read) == NULL) {
data/uwsgi-2.0.19.1/plugins/tornado/tornado.c:244:106: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (PyObject_CallMethod(utornado.ioloop, "add_handler", "iOO", wsgi_req->fd, utornado.request, utornado.read) == NULL) {
data/uwsgi-2.0.19.1/plugins/tornado/tornado.c:378:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!utornado.read) uwsgi_pyexit;
data/uwsgi-2.0.19.1/plugins/tornado/tornado.c:389:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Py_INCREF(utornado.read);
data/uwsgi-2.0.19.1/plugins/tornado/tornado.c:395:113: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (PyObject_CallMethod(utornado.ioloop, "add_handler", "iOO", uwsgi_sock->fd, uwsgi_tornado_accept, utornado.read) == NULL) {
data/uwsgi-2.0.19.1/plugins/transformation_tofile/tofile.c:91:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/transformation_tofile/tofile.c:105:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urtc->filename_len = strlen(urtc->filename);
data/uwsgi-2.0.19.1/plugins/tuntap/common.c:212:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(uttp->fd, uttp->buf + uttp->buf_pos, uttp->buf_pktsize - uttp->buf_pos);
data/uwsgi-2.0.19.1/plugins/tuntap/common.c:272:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(uttp->fd, uttp->header + uttp->header_pos, 4 - uttp->header_pos);
data/uwsgi-2.0.19.1/plugins/tuntap/common.c:357:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, name, IFNAMSIZ);
data/uwsgi-2.0.19.1/plugins/tuntap/tuntap.c:115:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(uttr->fd, uttr->buf, utt.buffer_size);
data/uwsgi-2.0.19.1/plugins/tuntap/tuntap.c:257:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(uttr->fd, uttr->buf, utt.buffer_size);
data/uwsgi-2.0.19.1/plugins/tuntap/tuntap.c:319:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(uttr->gateway_fd, uttr->gateway_buf, utt.buffer_size);
data/uwsgi-2.0.19.1/plugins/v8/v8_jsgi.cc:120:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_response_add_header(wsgi_req, *c_key, strlen(*c_key), *c_value, strlen(*c_value))) goto end;
data/uwsgi-2.0.19.1/plugins/v8/v8_jsgi.cc:120:100: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_response_add_header(wsgi_req, *c_key, strlen(*c_key), *c_value, strlen(*c_value))) goto end;
data/uwsgi-2.0.19.1/plugins/v8/v8_jsgi.cc:125:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_response_add_header(wsgi_req, *c_key, strlen(*c_key), *c_value, strlen(*c_value))) goto end;
data/uwsgi-2.0.19.1/plugins/v8/v8_jsgi.cc:125:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_response_add_header(wsgi_req, *c_key, strlen(*c_key), *c_value, strlen(*c_value))) goto end;
data/uwsgi-2.0.19.1/plugins/v8/v8_uwsgi.cc:126:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(*str);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:241:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint16_t uri_len = strlen(uri) ;
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:287:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *mime_type = uwsgi_get_mime_type(filename, strlen(filename), &mime_type_len);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:331:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *current_user_principal = uwsgi_concat2n(udav.principal_base, strlen(udav.principal_base), wsgi_req->remote_user, wsgi_req->remote_user_len);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:429:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_starts_with(key, strlen(key), "user.uwsgi.webdav.", 18)) {
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:430:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_string_list_has_item(udav.skip_prop, key + 18, strlen(key + 18))) continue;
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:490:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t docroot_len = strlen(docroot);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:500:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(filename);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:559:111: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri = uwsgi_concat2n(wsgi_req->path_info, wsgi_req->path_info_len, de.d_name, strlen(de.d_name));
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:560:102: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
direntry = uwsgi_concat3n(filename, filename_len, "/", 1, de.d_name, strlen(de.d_name));
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:563:119: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri = uwsgi_concat3n(wsgi_req->path_info, wsgi_req->path_info_len, "/", 1, de.d_name, strlen(de.d_name));
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:564:102: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
direntry = uwsgi_concat3n(filename, filename_len, "/", 1, de.d_name, strlen(de.d_name));
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:651:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = setxattr(filename, xattr_name, body, strlen(body), 0);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:653:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = setxattr(filename, xattr_name, body, strlen(body), 0, 0);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:761:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint16_t uri_len = strlen(uri) ;
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:907:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, udav.class_directory, strlen(udav.class_directory))) return -1;
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:934:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, dir, strlen(dir))) goto end;
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:958:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_buffer_append(ub, udav.div, strlen(udav.div))) goto end;
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:973:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_webdav_dirlist_add_item(ub, tasklist[i]->d_name, strlen(tasklist[i]->d_name), tasklist[i]->d_type == DT_DIR ? 1 : 0)) {
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:992:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_webdav_dirlist_add_item(ub, de.d_name, strlen(de.d_name), de.d_type == DT_DIR ? 1 : 0)) goto end;
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1053:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uwsgi_response_add_header(wsgi_req, "ETag", 4, etag, strlen(etag))) {
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1065:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(fd, buf, UMIN(32768, remains));
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1390:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1394:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mountpoint_len = strlen(mountpoint);
data/uwsgi-2.0.19.1/plugins/webdav/webdav.c:1402:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:67:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t params_len = strlen(params);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:79:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:148:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uxslt.content_type_len = strlen(uxslt.content_type);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:181:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uwsgi_expand_path(xmlfile, strlen(xmlfile), filename)) {
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:192:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename_len = strlen(filename);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:434:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:451:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urxc->doc_len = strlen(urxc->doc);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:452:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urxc->stylesheet_len = strlen(urxc->stylesheet);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:454:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (urxc->params) urxc->params_len = strlen(urxc->params);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:456:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urxc->content_type_len = strlen(urxc->content_type);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:464:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ur->data_len = strlen(args);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:480:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urxc->stylesheet_len = strlen(urxc->stylesheet);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:482:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (urxc->params) urxc->params_len = strlen(urxc->params);
data/uwsgi-2.0.19.1/plugins/xslt/xslt.c:484:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urxc->content_type_len = strlen(urxc->content_type);
data/uwsgi-2.0.19.1/plugins/zabbix/plugin.c:58:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!uspi->arg || strlen(uspi->arg) == 0) {
data/uwsgi-2.0.19.1/plugins/zabbix/plugin.c:67:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zn->prefix_len = strlen(zn->prefix);
data/uwsgi-2.0.19.1/plugins/zabbix/plugin.c:132:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, 4096) <= 0) {
data/uwsgi-2.0.19.1/proto/base.c:325:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rlen = read(fd, buf, UMIN(len-wsgi_req->write_pos, 32768));
data/uwsgi-2.0.19.1/proto/base.c:364:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(wsgi_req->fd, buf, len);
data/uwsgi-2.0.19.1/proto/fastcgi.c:87:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(wsgi_req->fd, wsgi_req->proto_parser_buf + wsgi_req->proto_parser_pos, wsgi_req->proto_parser_buf_size - wsgi_req->proto_parser_pos);
data/uwsgi-2.0.19.1/proto/fastcgi.c:228:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(wsgi_req->fd, wsgi_req->proto_parser_buf + wsgi_req->proto_parser_pos, wsgi_req->proto_parser_buf_size - wsgi_req->proto_parser_pos);
data/uwsgi-2.0.19.1/proto/http.c:281:98: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "SERVER_PORT", 11, server_port+1, strlen(server_port+1));
data/uwsgi-2.0.19.1/proto/http.c:318:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "REMOTE_ADDR", 11, ip, strlen(ip));
data/uwsgi-2.0.19.1/proto/http.c:325:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "REMOTE_ADDR", 11, ip, strlen(ip));
data/uwsgi-2.0.19.1/proto/http.c:338:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsgi_req->uh->pktsize += proto_base_add_uwsgi_var(wsgi_req, "REMOTE_ADDR", 11, ip, strlen(ip));
data/uwsgi-2.0.19.1/proto/http.c:455:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(wsgi_req->fd, wsgi_req->proto_parser_buf + wsgi_req->proto_parser_pos, uwsgi.buffer_size - wsgi_req->proto_parser_pos);
data/uwsgi-2.0.19.1/proto/puwsgi.c:20:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(wsgi_req->fd, ptr + wsgi_req->proto_parser_pos, 4 - wsgi_req->proto_parser_pos);
data/uwsgi-2.0.19.1/proto/puwsgi.c:37:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(wsgi_req->fd, ptr + wsgi_req->proto_parser_pos, wsgi_req->uh->pktsize - (wsgi_req->proto_parser_pos-4));
data/uwsgi-2.0.19.1/proto/scgi.c:84:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(wsgi_req->fd, ptr + wsgi_req->proto_parser_pos, uwsgi.buffer_size - wsgi_req->proto_parser_pos);
data/uwsgi-2.0.19.1/proto/uwsgi.c:9:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t len = read(wsgi_req->fd, ptr + wsgi_req->proto_parser_pos, (uwsgi.buffer_size + 4) - wsgi_req->proto_parser_pos);
data/uwsgi-2.0.19.1/uwsgi.h:32:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define uwsgi_rawlog(x) if (write(2, x, strlen(x)) != strlen(x)) uwsgi_error("write()")
data/uwsgi-2.0.19.1/uwsgi.h:32:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define uwsgi_rawlog(x) if (write(2, x, strlen(x)) != strlen(x)) uwsgi_error("write()")
ANALYSIS SUMMARY:
Hits = 1962
Lines analyzed = 113619 in approximately 2.71 seconds (41906 lines/second)
Physical Source Lines of Code (SLOC) = 87609
Hits@level = [0] 136 [1] 997 [2] 837 [3] 51 [4] 59 [5] 18
Hits@level+ = [0+] 2098 [1+] 1962 [2+] 965 [3+] 128 [4+] 77 [5+] 18
Hits/KSLOC@level+ = [0+] 23.9473 [1+] 22.395 [2+] 11.0149 [3+] 1.46104 [4+] 0.878905 [5+] 0.205458
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.