Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/xl2tpd-1.3.12/aaa.c Examining data/xl2tpd-1.3.12/aaa.h Examining data/xl2tpd-1.3.12/avp.c Examining data/xl2tpd-1.3.12/avp.h Examining data/xl2tpd-1.3.12/avpsend.c Examining data/xl2tpd-1.3.12/call.c Examining data/xl2tpd-1.3.12/call.h Examining data/xl2tpd-1.3.12/common.h Examining data/xl2tpd-1.3.12/contrib/pfc.c Examining data/xl2tpd-1.3.12/control.c Examining data/xl2tpd-1.3.12/control.h Examining data/xl2tpd-1.3.12/file.c Examining data/xl2tpd-1.3.12/file.h Examining data/xl2tpd-1.3.12/ipsecmast.h Examining data/xl2tpd-1.3.12/l2tp.h Examining data/xl2tpd-1.3.12/md5.c Examining data/xl2tpd-1.3.12/md5.h Examining data/xl2tpd-1.3.12/misc.c Examining data/xl2tpd-1.3.12/misc.h Examining data/xl2tpd-1.3.12/network.c Examining data/xl2tpd-1.3.12/osport.h Examining data/xl2tpd-1.3.12/pty.c Examining data/xl2tpd-1.3.12/scheduler.c Examining data/xl2tpd-1.3.12/scheduler.h Examining data/xl2tpd-1.3.12/xl2tpd-control.c Examining data/xl2tpd-1.3.12/xl2tpd.c FINAL RESULTS: data/xl2tpd-1.3.12/avpsend.c:112:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), VENDOR_NAME); data/xl2tpd-1.3.12/control.c:1036:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (dummy_buf, c->dial_no); /* jz: use /etc/ppp/dialnumber.options for pppd - kick it if you don't like */ data/xl2tpd-1.3.12/file.c:924:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ip_hi, value); data/xl2tpd-1.3.12/file.c:934:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(e, d); data/xl2tpd-1.3.12/file.h:157:9: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. int syslog; /* Use syslog for logging? */ data/xl2tpd-1.3.12/misc.c:57:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf (buf, sizeof (buf), fmt, args); data/xl2tpd-1.3.12/misc.c:60:16: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. if(gconfig.syslog) { data/xl2tpd-1.3.12/misc.c:75:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf (c->errormsg, sizeof (c->errormsg), fmt, args); data/xl2tpd-1.3.12/misc.c:237:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf (new->option, sizeof (new->option), fmt, args); data/xl2tpd-1.3.12/network.c:724:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (sc->errormsg, strerror (-result)); data/xl2tpd-1.3.12/xl2tpd-control.c:232:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf (result_filename, 128, RESULT_FILENAME_FORMAT, getpid()); data/xl2tpd-1.3.12/xl2tpd-control.c:340:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, fmt, args); data/xl2tpd-1.3.12/xl2tpd.c:571:9: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv (PPPD, stropt); data/xl2tpd-1.3.12/xl2tpd.c:787:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tmp->dial_no, dial_no_tmp); /* jz: copy dialnumber to tmp->dial_no */ data/xl2tpd-1.3.12/xl2tpd.c:934:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (res_file, fmt, args); data/xl2tpd-1.3.12/xl2tpd.c:1300:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dial_no_tmp, tmp_ptr); data/xl2tpd-1.3.12/xl2tpd.c:1732:17: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. if (gconfig.syslog < 0) data/xl2tpd-1.3.12/file.c:1271:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seconds); data/xl2tpd-1.3.12/osport.h:32:11: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define random(X) ((int)rand(X)) data/xl2tpd-1.3.12/osport.h:33:11: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define srandom(X) ((void)srand(X)) data/xl2tpd-1.3.12/osport.h:33:37: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define srandom(X) ((void)srand(X)) data/xl2tpd-1.3.12/xl2tpd.c:1842:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand( time(NULL) ); data/xl2tpd-1.3.12/aaa.c:139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[STRLEN]; data/xl2tpd-1.3.12/aaa.c:142:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (gconfig.authfile, "r"); data/xl2tpd-1.3.12/aaa.c:376:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[MD_SIG_SIZE]; data/xl2tpd-1.3.12/aaa.c:441:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[MD_SIG_SIZE]; data/xl2tpd-1.3.12/aaa.c:447:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char saved_segment[MD_SIG_SIZE]; data/xl2tpd-1.3.12/aaa.c:491:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (saved_segment, ptr, saved_segment_len); data/xl2tpd-1.3.12/aaa.h:39:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char secret[MAXSTRLEN]; /* The shared secret */ data/xl2tpd-1.3.12/aaa.h:42:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char response[MD_SIG_SIZE]; /* What we expect as a respsonse */ data/xl2tpd-1.3.12/aaa.h:43:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reply[MD_SIG_SIZE]; /* What the peer sent */ data/xl2tpd-1.3.12/avp.c:1153:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (&raw[3].s, (t->chal_us.challenge), size); data/xl2tpd-1.3.12/avp.c:1205:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (&raw[3].s, t->chal_them.reply, MD_SIG_SIZE); data/xl2tpd-1.3.12/avpsend.c:138:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), c, len); data/xl2tpd-1.3.12/avpsend.c:146:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), c, len); data/xl2tpd-1.3.12/avpsend.c:154:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), c, len); data/xl2tpd-1.3.12/avpsend.c:166:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *) &ptr->s2, msg, len); data/xl2tpd-1.3.12/call.c:494:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char entropy_buf[2] = "\0"; data/xl2tpd-1.3.12/call.h:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dialed[MAXSTRLEN]; /* Number dialed for call */ data/xl2tpd-1.3.12/call.h:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dialing[MAXSTRLEN]; /* Original caller ID */ data/xl2tpd-1.3.12/call.h:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subaddy[MAXSTRLEN]; /* Sub address */ data/xl2tpd-1.3.12/call.h:73:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rbuf[MAX_RECV_SIZE]; /* pty read buffer */ data/xl2tpd-1.3.12/call.h:88:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errormsg[MAXSTRLEN]; /* Error message */ data/xl2tpd-1.3.12/call.h:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dial_no[128]; /* jz: dialing number for outgoing call */ data/xl2tpd-1.3.12/contrib/pfc.c:38:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dflag = atoi (argv[2]); data/xl2tpd-1.3.12/control.c:199:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip1[STRLEN]; data/xl2tpd-1.3.12/control.c:200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip2[STRLEN]; data/xl2tpd-1.3.12/control.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy_buf[128] = "/var/l2tp/"; /* jz: needed to read /etc/ppp/var.options - just kick it if you don't like */ data/xl2tpd-1.3.12/control.c:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwdfd_buf[32] = ""; /* buffer for the fd, not the password */ data/xl2tpd-1.3.12/control.c:1037:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (dummy_buf, ".options"); data/xl2tpd-1.3.12/control.c:1603:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char wbuf[MAX_RECV_SIZE]; data/xl2tpd-1.3.12/file.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filerr[STRLEN]; data/xl2tpd-1.3.12/file.c:58:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (gconfig.configfile, "r"); data/xl2tpd-1.3.12/file.c:61:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (gconfig.altconfigfile, "r"); data/xl2tpd-1.3.12/file.c:209:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((val = atoi (value)) < 0) data/xl2tpd-1.3.12/file.c:248:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi (value) < 1) data/xl2tpd-1.3.12/file.c:273:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi (value) < -1) data/xl2tpd-1.3.12/file.c:319:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi (value) < 1 ) data/xl2tpd-1.3.12/file.c:379:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi (value) < 1) data/xl2tpd-1.3.12/file.c:913:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (hp->h_addr, &ipr->start, sizeof (unsigned int)); data/xl2tpd-1.3.12/file.c:916:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip_hi[16]; data/xl2tpd-1.3.12/file.c:945:9: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (hp->h_addr, &ipr->end, sizeof (unsigned int)); data/xl2tpd-1.3.12/file.c:1069:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (hp->h_addr, addr, sizeof (unsigned int)); data/xl2tpd-1.3.12/file.c:1179:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ipr->port = atoi (d); data/xl2tpd-1.3.12/file.c:1311:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/xl2tpd-1.3.12/file.h:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[STRLEN]; data/xl2tpd-1.3.12/file.h:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char authname[STRLEN]; /* Who we authenticate as */ data/xl2tpd-1.3.12/file.h:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peername[STRLEN]; /* Force peer name to this */ data/xl2tpd-1.3.12/file.h:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[STRLEN]; /* Hostname to report */ data/xl2tpd-1.3.12/file.h:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entname[STRLEN]; /* Name of this entry */ data/xl2tpd-1.3.12/file.h:100:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pppoptfile[STRLEN]; /* File containing PPP options */ data/xl2tpd-1.3.12/file.h:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char authname[STRLEN]; /* Who we authenticate as */ data/xl2tpd-1.3.12/file.h:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password[STRLEN]; /* Password to authenticate with */ data/xl2tpd-1.3.12/file.h:121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peername[STRLEN]; /* Force peer name to this */ data/xl2tpd-1.3.12/file.h:122:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[STRLEN]; /* Hostname to report */ data/xl2tpd-1.3.12/file.h:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entname[STRLEN]; /* Name of this entry */ data/xl2tpd-1.3.12/file.h:138:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pppoptfile[STRLEN]; /* File containing PPP options */ data/xl2tpd-1.3.12/file.h:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char authfile[STRLEN]; /* File containing authentication info */ data/xl2tpd-1.3.12/file.h:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char altauthfile[STRLEN]; /* File containing authentication info */ data/xl2tpd-1.3.12/file.h:151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char configfile[STRLEN]; /* File containing configuration info */ data/xl2tpd-1.3.12/file.h:152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char altconfigfile[STRLEN]; /* File containing configuration info */ data/xl2tpd-1.3.12/file.h:153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidfile[STRLEN]; /* File containing the pid number*/ data/xl2tpd-1.3.12/file.h:154:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char controlfile[STRLEN]; /* Control file name (named pipe) */ data/xl2tpd-1.3.12/file.h:155:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char controltos[STRLEN]; /* Control TOS value */ data/xl2tpd-1.3.12/l2tp.h:186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[MAXSTRLEN]; /* Remote hostname */ data/xl2tpd-1.3.12/l2tp.h:187:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendor[MAXSTRLEN]; /* Vendor of remote product */ data/xl2tpd-1.3.12/l2tp.h:190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char secret[MAXSTRLEN]; /* Secret to use */ data/xl2tpd-1.3.12/md5.c:100:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, buf, len); data/xl2tpd-1.3.12/md5.c:103:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, buf, t); data/xl2tpd-1.3.12/md5.c:113:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ctx->in, buf, 64); data/xl2tpd-1.3.12/md5.c:122:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ctx->in, buf, len); data/xl2tpd-1.3.12/md5.c:129:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void MD5Final (unsigned char digest[16], struct MD5Context *ctx) data/xl2tpd-1.3.12/md5.c:164:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits)); data/xl2tpd-1.3.12/md5.c:168:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (digest, ctx->buf, 16); data/xl2tpd-1.3.12/md5.h:15:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[64]; data/xl2tpd-1.3.12/md5.h:21:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void MD5Final (unsigned char digest[16], struct MD5Context *context); data/xl2tpd-1.3.12/misc.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/xl2tpd-1.3.12/misc.c:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[2 * bufferDumpWIDTH + 1], *c; data/xl2tpd-1.3.12/misc.c:123:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (c, "%02x", (buf[i * bufferDumpWIDTH + j]) & 0xff); data/xl2tpd-1.3.12/misc.c:136:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (c, "%02x", data/xl2tpd-1.3.12/misc.c:292:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). devrandom = open ("/dev/urandom", O_RDONLY | O_NONBLOCK); data/xl2tpd-1.3.12/misc.h:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option[MAXSTRLEN]; data/xl2tpd-1.3.12/network.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[256]; data/xl2tpd-1.3.12/network.c:254:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (t->self->errormsg, "Timeout"); data/xl2tpd-1.3.12/network.c:294:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[CMSG_SPACE(sizeof (unsigned int) + sizeof (struct in_pktinfo))]; data/xl2tpd-1.3.12/network.c:459:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[256]; data/xl2tpd-1.3.12/network.c:713:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tosval_dec=atoi(gconfig.controltos); data/xl2tpd-1.3.12/osport.h:23:10: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define bcopy(S1, S2, LEN) ((void)memmove(S2, S1, LEN)) data/xl2tpd-1.3.12/pty.c:65:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (dev, O_RDWR | O_NONBLOCK); data/xl2tpd-1.3.12/pty.c:83:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/ptmx", O_RDWR); data/xl2tpd-1.3.12/xl2tpd-control.c:40:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result_filename[128]; data/xl2tpd-1.3.12/xl2tpd-control.c:228:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CONTROL_PIPE_MESSAGE_SIZE] = ""; data/xl2tpd-1.3.12/xl2tpd-control.c:236:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). result_fd = open (result_filename, O_RDONLY | O_NONBLOCK, 0600); data/xl2tpd-1.3.12/xl2tpd-control.c:283:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int control_fd = open (control_filename, O_WRONLY | O_NONBLOCK, 0600); data/xl2tpd-1.3.12/xl2tpd-control.c:324:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[CONTROL_PIPE_MESSAGE_SIZE] = ""; data/xl2tpd-1.3.12/xl2tpd.c:316:25: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (st->self->errormsg, "Server closing"); data/xl2tpd-1.3.12/xl2tpd.c:378:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tty[512]; data/xl2tpd-1.3.12/xl2tpd.c:379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *stropt[80]; data/xl2tpd-1.3.12/xl2tpd.c:478:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd2 = open (tty, O_RDWR); data/xl2tpd-1.3.12/xl2tpd.c:506:15: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. c->pppd = vfork (); data/xl2tpd-1.3.12/xl2tpd.c:704:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (hp->h_addr, &addr.s_addr, hp->h_length); data/xl2tpd-1.3.12/xl2tpd.c:844:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (tmp->errormsg, "Goodbye!"); data/xl2tpd-1.3.12/xl2tpd.c:868:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (t->self->errormsg, "Goodbye!"); data/xl2tpd-1.3.12/xl2tpd.c:881:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char entropy_buf[2] = "\0"; data/xl2tpd-1.3.12/xl2tpd.c:1269:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tunl = atoi (tunstr); data/xl2tpd-1.3.12/xl2tpd.c:1325:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tunl = atoi (tunstr); data/xl2tpd-1.3.12/xl2tpd.c:1348:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). call = atoi (callstr); data/xl2tpd-1.3.12/xl2tpd.c:1387:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tunl = atoi (tunstr); data/xl2tpd-1.3.12/xl2tpd.c:1539:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CONTROL_PIPE_MESSAGE_SIZE]; data/xl2tpd-1.3.12/xl2tpd.c:1591:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). resf = fopen (res_filename, "w"); data/xl2tpd-1.3.12/xl2tpd.c:1716:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(gconfig.controltos)<0 || atoi(gconfig.controltos)>255) data/xl2tpd-1.3.12/xl2tpd.c:1716:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(gconfig.controltos)<0 || atoi(gconfig.controltos)>255) data/xl2tpd-1.3.12/xl2tpd.c:1755:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). i = open("/dev/null", O_RDWR); data/xl2tpd-1.3.12/xl2tpd.c:1771:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[STRLEN]; data/xl2tpd-1.3.12/xl2tpd.c:1774:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). i = open(gconfig.pidfile,O_RDONLY); data/xl2tpd-1.3.12/xl2tpd.c:1786:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pid = atoi(buf); data/xl2tpd-1.3.12/xl2tpd.c:1804:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((i = open (gconfig.pidfile, O_WRONLY | O_CREAT, 0640)) >= 0) { data/xl2tpd-1.3.12/xl2tpd.c:1819:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). control_fd = open (gconfig.controlfile, O_RDONLY | O_NONBLOCK, 0600); data/xl2tpd-1.3.12/aaa.c:161:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (t = buf + strlen (buf) - 1; (t >= buf) && (*t < 33); t--) data/xl2tpd-1.3.12/aaa.c:163:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen (buf)) data/xl2tpd-1.3.12/aaa.c:211:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((char *)secret, s, size); data/xl2tpd-1.3.12/aaa.c:269:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferDump (chal->secret, strlen (chal->secret)); data/xl2tpd-1.3.12/aaa.c:278:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MD5Update (&chal->md5, chal->secret, strlen ((char *)chal->secret)); data/xl2tpd-1.3.12/aaa.c:398:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen ((char *)t->chal_them.secret)); data/xl2tpd-1.3.12/aaa.c:426:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen ((char *)t->chal_them.secret)); data/xl2tpd-1.3.12/aaa.c:464:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen ((char *)t->chal_us.secret)); data/xl2tpd-1.3.12/aaa.c:479:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen ((char *)t->chal_us.secret)); data/xl2tpd-1.3.12/avpsend.c:98:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen(hostname); data/xl2tpd-1.3.12/avpsend.c:103:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), data/xl2tpd-1.3.12/avpsend.c:111:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_nonmandatory_header(buf, 0x6 + strlen (VENDOR_NAME), 0x8); data/xl2tpd-1.3.12/avpsend.c:113:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf->len += 0x6 + strlen (VENDOR_NAME); data/xl2tpd-1.3.12/avpsend.c:296:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_header(buf, (0x6 + strlen (no)), 0x15); data/xl2tpd-1.3.12/avpsend.c:297:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), no, strlen (no)); data/xl2tpd-1.3.12/avpsend.c:297:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy ((char *) (buf->start + buf->len + sizeof(struct avp_hdr)), no, strlen (no)); data/xl2tpd-1.3.12/avpsend.c:298:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf->len += 0x6 + strlen (no); data/xl2tpd-1.3.12/call.c:105:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c->rbuf_max = read(c->fd, c->rbuf, sizeof (c->rbuf)); data/xl2tpd-1.3.12/call.c:297:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (c->errormsg)); data/xl2tpd-1.3.12/call.c:356:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (c->errormsg)); data/xl2tpd-1.3.12/control.c:426:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((!strlen (t->hostname)) && ((t->chal_us.state) || ((t->lns->challenge)))) data/xl2tpd-1.3.12/control.c:550:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((!strlen (t->hostname)) && ((t->chal_them.state) || ((t->chal_us.state)))) data/xl2tpd-1.3.12/control.c:868:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ip1, IPADDY (c->lac->localaddr), sizeof (ip1)); data/xl2tpd-1.3.12/control.c:869:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ip2, IPADDY (c->lac->remoteaddr), sizeof (ip2)); data/xl2tpd-1.3.12/control.c:909:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (-1 == write (pppd_passwdfd[1], c->lac->password, strlen (c->lac->password))) data/xl2tpd-1.3.12/control.c:976:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ip1, IPADDY (c->lns->localaddr), sizeof (ip1)); data/xl2tpd-1.3.12/control.c:977:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ip2, IPADDY (c->addr), sizeof (ip2)); data/xl2tpd-1.3.12/control.c:1043:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ip1, IPADDY (c->lac->localaddr), sizeof (ip1)); data/xl2tpd-1.3.12/control.c:1044:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ip2, IPADDY (c->lac->remoteaddr), sizeof (ip2)); data/xl2tpd-1.3.12/file.c:66:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (gconfig.authfile, gconfig.altauthfile, data/xl2tpd-1.3.12/file.c:223:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ptr, value, len); data/xl2tpd-1.3.12/file.c:402:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen (value)) data/xl2tpd-1.3.12/file.c:415:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (((struct global *) item)->authfile, value, data/xl2tpd-1.3.12/file.c:898:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen (value) || (c && !strlen (d))) data/xl2tpd-1.3.12/file.c:898:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen (value) || (c && !strlen (d))) data/xl2tpd-1.3.12/file.c:933:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ip_hi + sizeof(ip_hi)-e > strlen(d)) { data/xl2tpd-1.3.12/file.c:1177:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ipr->hostname, value, sizeof (ipr->hostname)); data/xl2tpd-1.3.12/file.c:1280:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(value) == 0) data/xl2tpd-1.3.12/file.c:1328:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). has_lf = buf[strlen(buf) - 1] == '\n'; data/xl2tpd-1.3.12/file.c:1343:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen (buf)) data/xl2tpd-1.3.12/file.c:1347:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = s + strlen (s); data/xl2tpd-1.3.12/file.c:1350:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen (s)) data/xl2tpd-1.3.12/file.c:1391:25: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (deflns->entname, "default", data/xl2tpd-1.3.12/file.c:1419:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (((struct lns *) data)->entname, data/xl2tpd-1.3.12/file.c:1434:25: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (deflac->entname, "default", data/xl2tpd-1.3.12/file.c:1462:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (((struct lac *) data)->entname, data/xl2tpd-1.3.12/misc.c:76:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (c->errormsg[strlen (c->errormsg) - 1] == '\n') data/xl2tpd-1.3.12/misc.c:77:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c->errormsg[strlen (c->errormsg) - 1] = 0; data/xl2tpd-1.3.12/misc.c:219:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (a, b, MIN (size, MAXSTRLEN - 1)); data/xl2tpd-1.3.12/misc.c:302:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). entropy_amount = read(devrandom, buf, count); data/xl2tpd-1.3.12/pty.c:110:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(ttybuf, tty, ttybuflen); data/xl2tpd-1.3.12/pty.c:130:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(ttybuf, tty, ttybuflen); data/xl2tpd-1.3.12/xl2tpd-control.c:361:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read (result_fd, buf + readed, size - readed); data/xl2tpd-1.3.12/xl2tpd-control.c:377:22: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(10); data/xl2tpd-1.3.12/xl2tpd-control.c:419:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (eqv != (optv[i] + strlen(optv[i]) - 1)) data/xl2tpd-1.3.12/xl2tpd.c:952:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = s + strlen (s); data/xl2tpd-1.3.12/xl2tpd.c:955:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen (s)) data/xl2tpd-1.3.12/xl2tpd.c:1084:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (lns->entname, tunstr, sizeof (lns->entname)); data/xl2tpd-1.3.12/xl2tpd.c:1093:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufp = tunstr + strlen (tunstr) + 1; data/xl2tpd-1.3.12/xl2tpd.c:1252:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (lac->authname, authname, STRLEN); data/xl2tpd-1.3.12/xl2tpd.c:1254:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (lac->password, password, STRLEN); data/xl2tpd-1.3.12/xl2tpd.c:1411:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((!tunstr) || (!strlen (tunstr))) data/xl2tpd-1.3.12/xl2tpd.c:1419:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufp = tunstr + strlen (tunstr) + 1; data/xl2tpd-1.3.12/xl2tpd.c:1440:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (lac->entname, tunstr, sizeof (lac->entname)); data/xl2tpd-1.3.12/xl2tpd.c:1555:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cnt = read (control_fd, buf, sizeof (buf)); data/xl2tpd-1.3.12/xl2tpd.c:1655:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.altauthfile,ALT_DEFAULT_AUTH_FILE, data/xl2tpd-1.3.12/xl2tpd.c:1657:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.altconfigfile,ALT_DEFAULT_CONFIG_FILE, data/xl2tpd-1.3.12/xl2tpd.c:1659:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.authfile,DEFAULT_AUTH_FILE, data/xl2tpd-1.3.12/xl2tpd.c:1661:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.configfile,DEFAULT_CONFIG_FILE, data/xl2tpd-1.3.12/xl2tpd.c:1663:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.pidfile,DEFAULT_PID_FILE, data/xl2tpd-1.3.12/xl2tpd.c:1665:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.controlfile,CONTROL_PIPE, data/xl2tpd-1.3.12/xl2tpd.c:1680:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.configfile,argv[i], data/xl2tpd-1.3.12/xl2tpd.c:1693:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.authfile,argv[i], data/xl2tpd-1.3.12/xl2tpd.c:1700:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.pidfile,argv[i], data/xl2tpd-1.3.12/xl2tpd.c:1707:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.controlfile,argv[i], data/xl2tpd-1.3.12/xl2tpd.c:1714:14: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gconfig.controltos,argv[i], data/xl2tpd-1.3.12/xl2tpd.c:1781:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). l=read(i,buf,sizeof(buf)-1); data/xl2tpd-1.3.12/xl2tpd.c:1806:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (-1 == write (i, buf, strlen(buf))) ANALYSIS SUMMARY: Hits = 216 Lines analyzed = 12151 in approximately 0.32 seconds (37555 lines/second) Physical Source Lines of Code (SLOC) = 9989 Hits@level = [0] 105 [1] 78 [2] 116 [3] 5 [4] 17 [5] 0 Hits@level+ = [0+] 321 [1+] 216 [2+] 138 [3+] 22 [4+] 17 [5+] 0 Hits/KSLOC@level+ = [0+] 32.1353 [1+] 21.6238 [2+] 13.8152 [3+] 2.20242 [4+] 1.70187 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.